General

  • Target

    makeAbout.db

  • Size

    351KB

  • Sample

    220826-kvfb5saagq

  • MD5

    60375d64a9a496e220b6eb1b63e899b3

  • SHA1

    d1b2dd93026b83672118940df78a41e2ee02be80

  • SHA256

    8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de

  • SHA512

    94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f

  • SSDEEP

    6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3000

  • C2

    config.edge.skype.com
    superstarts.top
    superlist.top
    internetcoca.in
    193.106.191.163

Attributes
  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
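The extracted config above is directly usable for hunting: the build's URI shape is base_path + encoded data + extension (/drew/<...>.jlk), and the hosts under C2 can be matched in proxy or DNS telemetry. One caveat a practitioner will want: config.edge.skype.com is a legitimate Microsoft host, and ISFB configs routinely carry such entries, so matching on that name alone produces false positives; the script below treats it as a decoy and flags it only when the request path has the loader's URI shape. This is an added example written for this page, not sandbox output or any vendor's code; the proxy log format and the log lines themselves are constructed here, and the hashes, hosts, base_path and extension are taken from the report.

```python
import hashlib
import re
from typing import List, Optional, Tuple

# Indicators copied from the file hashes and extracted config above.
SAMPLE_MD5 = "60375d64a9a496e220b6eb1b63e899b3"
SAMPLE_SHA256 = "8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de"
C2_HOSTS = {"superstarts.top", "superlist.top", "internetcoca.in", "193.106.191.163"}
# Listed under C2 in the config but a legitimate Microsoft host: treat as a decoy
# and only flag it when the request path has the loader's URI shape.
DECOY_HOSTS = {"config.edge.skype.com"}
BASE_PATH = "/drew/"      # base_path attribute
EXTENSION = ".jlk"        # extension attribute

# The loader requests BASE_PATH + <encoded data, attacker-controlled> + EXTENSION,
# so only the fixed prefix and suffix are matched; a trailing query string is tolerated.
ISFB_URI_RE = re.compile(
    r"^" + re.escape(BASE_PATH) + r"[^\s?]+" + re.escape(EXTENSION) + r"(?:\?.*)?$"
)


def sample_hash_hits(data: bytes) -> dict:
    """Compare a file's MD5 and SHA-256 with the sample's hashes from the report."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


def classify(host: str, path: str) -> Optional[str]:
    """Return a verdict for one request, or None if nothing matches."""
    host = host.lower().rstrip(".")
    uri_hit = bool(ISFB_URI_RE.match(path))
    if host in C2_HOSTS:
        return "c2_host"                 # listed C2 host or IP, any path
    if host in DECOY_HOSTS:
        return "decoy_with_isfb_uri" if uri_hit else None
    if uri_hit:
        return "isfb_uri_pattern"        # unlisted host, but this build's path shape
    return None


def scan_proxy_log(lines: List[str]) -> List[Tuple[int, str, str, str]]:
    """Scan constructed proxy lines of the form '<timestamp> <client> <host> <path>'."""
    hits = []
    for n, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 4:
            continue                     # skip malformed or empty lines
        _ts, client, host, path = parts[:4]
        verdict = classify(host, path)
        if verdict is not None:
            hits.append((n, client, host, verdict))
    return hits


# Constructed sample log (not real telemetry); hosts other than the report's are placeholders.
SAMPLE_LOG = [
    "2022-08-26T10:01:02Z 10.0.0.12 config.edge.skype.com /config/v1/Skype/1.0",
    "2022-08-26T10:01:05Z 10.0.0.12 config.edge.skype.com /drew/aBc12_Xy.jlk",
    "2022-08-26T10:01:09Z 10.0.0.12 superstarts.top /drew/Q2F0ZXM9/abc.jlk",
    "2022-08-26T10:02:00Z 10.0.0.31 193.106.191.163 /drew/7Hj.jlk",
    "2022-08-26T10:02:30Z 10.0.0.31 cdn.example.net /drew/zzz.jlk",
    "2022-08-26T10:03:00Z 10.0.0.40 www.example.com /index.html",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Run against the constructed log, the first Skype request (a normal configuration fetch) is not flagged, the second is flagged only because its path matches /drew/<...>.jlk, and the request to cdn.example.net is surfaced as a lower-confidence URI-pattern hit for a host the config does not list. The hash check is exact-match only; the SSDEEP value on the page would be the input for fuzzy matching of repacked variants, which this script does not attempt.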

Targets

    • Target

      makeAbout.db (the same file as listed under General above; size and hashes are identical)

MITRE ATT&CK Matrix

Tasks