General

  • Target

    manIf.db

  • Size

    351KB

  • Sample

    220825-y736maaehk

  • MD5

    60375d64a9a496e220b6eb1b63e899b3

  • SHA1

    d1b2dd93026b83672118940df78a41e2ee02be80

  • SHA256

    8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de

  • SHA512

    94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f

  • SSDEEP

    6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3000

  • C2

    config.edge.skype.com
    superstarts.top
    superlist.top
    internetcoca.in
    193.106.191.163

Attributes
  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3000

  • C2

    superliner.top
    superlinez.top
    internetlined.com
    internetlines.in
    medialists.su
    medialists.ru
    mediawagi.info
    mediawagi.ru
    5.42.199.83
    denterdrigx.com
    digserchx.at

Attributes
  • base_path

    /images/

  • build

    250240

  • exe_type

    worker

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      manIf.db

    • Size

      351KB

    • MD5

      60375d64a9a496e220b6eb1b63e899b3

    • SHA1

      d1b2dd93026b83672118940df78a41e2ee02be80

    • SHA256

      8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de

    • SHA512

      94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f

    • SSDEEP

      6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks