General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    220826-k97pyabch7

  • MD5

    8fef30ff79225d9232a55dd5c85a375c

  • SHA1

    335359d01a6290a6518af3b6d51d6f51f5a8439d

  • SHA256

    72d5b97a5b873ef9975826be0cc902d1df9f25ad4bc98cc352b06328f03225e2

  • SHA512

    528e43c462293eaca03cfaa15cef013bd69815676280641998a783e871f8f0be933c4ee5e210d4c1909655ae1dbdb9c556cc8865b493eaf09db163679c54e656

  • SSDEEP

    768:0lYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVpT:0lYhzJ2VQEFf/2VYuAZOzNM7uyH

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

superstarts.top

superlist.top

internetcoca.in

193.106.191.163

Attributes
  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      43KB


    Score
    1/10
