General

  • Target

    4388097.iso

  • Size

    556KB

  • Sample

    220826-kvfb5saagp

  • MD5

    0f64e698a6d34f11fe39ec6fb1ee7c7b

  • SHA1

    4916c7fca60d68b29293615a5cc0d5ebd6370507

  • SHA256

    1e5c40fedcf1ec1e6bd1eb8791ec173bde8072b048e46923cb07a330d3eb7bb4

  • SHA512

    087ea456b9e790caf6edd578c16d246667ec5d765fc9e16f121dfb3e9c5ba9f5a1978562949c516d50fad390836954a2102e79556beb7dc4af9837a3eb262c49

  • SSDEEP

    12288:yRAUwJHGYTZhVyYtmNNEw2nSl5rrPZh5MxOKRgEk:yKHJHGYPwPEPSlZZh5MxnBk

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

superstarts.top

superlist.top

internetcoca.in

193.106.191.163

Attributes

  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      3654856.lnk

    • Size

      1KB

    • MD5

      a0af1ad15a6dba88e6e8a7f594a2c60d

    • SHA1

      a4a6aa4a3a0a08896e605228bda111c911467b34

    • SHA256

      03ae99bad8603a244c0fb2efe554ec840286925f78f405623864d81501b41d5e

    • SHA512

      3d5f62568cf017288b3013d47d9be849249b00c0f5ac01c97571715df5d30fcccf77515b7740b9ebbe70e66b1c87d972764e1aef2a55195240c1b2a56739c3ea

    • Score

      3/10

    • Target

      me/123.com

    • Size

      60KB

    • MD5

      d0432468fa4b7f66166c430e1334dbda

    • SHA1

      f72d978f4d1ca1c435b1164e7617464cc06a9381

    • SHA256

      7d99c80a1249a1ec9af0f3047c855778b06ea57e11943a271071985afe09e6c2

    • SHA512

      c6db867f1a240b0524d5854516d36bedf220f256ca0bde5f3529586e83dd52b5ecd4e1e1b89b54f67b117879deb2d51310e9151b3c29836de99f7ae89e24da69

    • SSDEEP

      768:pxwG48P6ESdJHC4F8t1gkXDXmekVZRNbSEln5IyYpamDjobj8SSa:n942hIpitWumbZR/ln5IUmDjoXb

    • Score

      1/10

    • Target

      me/evenOn.bat

    • Size

      72B

    • MD5

      ab76f00f567ae3fc222ddb8305ffe3e7

    • SHA1

      c389e83c80b063fd8328f1722beb2769c7777fd6

    • SHA256

      0e2265ad735aa9ea5adc8888ef16dece09526fac7b30b68bbe1cfd92a72c42f4

    • SHA512

      796165a01cf13165604bf870731bd167f38a21fb393761766dd9007cc4488129cd408feb9515ca76e94d3dd14e550812fce05e7bdd4dba64b4de2b99bd7e53b0

    • Score

      1/10

    • Target

      me/goBe.js

    • Size

      392B

    • MD5

      ea3d271eb31c6a67795e4a9bd3c1c93c

    • SHA1

      479c7d7bdb5d399d4810570a7dc3a7fe3f04f267

    • SHA256

      41da678f25fc80b4efce03184e0fda09ac0aec014105cef887798f2ace8d3c21

    • SHA512

      31f31a4461935a0a0f9df6cbf8d9e4493f9643076993401f13c9393f9228e4e944113b24f6a92d7d7f54f2945f644579697273ca8a0e6b92e23f23fb77202e34

    • Score

      1/10

    • Target

      me/makeAbout.db

    • Size

      351KB

    • MD5

      60375d64a9a496e220b6eb1b63e899b3

    • SHA1

      d1b2dd93026b83672118940df78a41e2ee02be80

    • SHA256

      8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de

    • SHA512

      94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f

    • SSDEEP

      6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx

MITRE ATT&CK Enterprise v6

Tasks