General

  • Target

    3488164.iso

  • Size

    556KB

  • Sample

    220826-kxqwnabbc4

  • MD5

    f7d85c971e9604cc6d2a2ffcac1ee4a3

  • SHA1

    67175143196c17f10776bdf5fbf832e50a646824

  • SHA256

    e999890ce5eb5b456563650145308ae837d940e38aec50d2f02670671d472b99

  • SHA512

    71bd76baf1226f74423d942eed2c436e808e1196ac88e17af3262c800b0d1cb1bcc09cb8253de9629160d786cb77224621c4ac4989c264c12dd87c872032aa78

  • SSDEEP

    12288:aROUwJHGYTZhVyYtmNNEw2nSl5rrPZh5MxOKRgEk:akHJHGYPwPEPSlZZh5MxnBk

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3000

  • C2

    config.edge.skype.com
    superstarts.top
    superlist.top
    internetcoca.in
    193.106.191.163

    Note that config.edge.skype.com is a legitimate Microsoft host. Gozi/ISFB configs commonly carry one such entry, used as a connectivity check or decoy, so it should not be blocked on the strength of this report; the remaining three domains and the IP are the actual C2 candidates.

  • Attributes

    • base_path

      /drew/

    • build

      250240

    • exe_type

      loader

    • extension

      .jlk

    • server_id

      50

    • rsa_pubkey.plain

    • aes.plain

Targets

    • Target

      6570872.lnk

    • Size

      1KB

    • MD5

      c6b605a120e0d3f3cbd146bdbc358834

    • SHA1

      328afa8338d60202d55191912eea6151f80956d3

    • SHA256

      16323b3e56a0cbbba742b8d0af8519f53a78c13f9b3473352fcce2d28660cb37

    • SHA512

      221792719ac73861dd574c9e9fa3c2cd64c0f409e493768f37c2a75ce4c0671c5d72aa2ef89aef71c91723fe40ff1f45636200193d7c059fc33df94898fbcb61

    Score
    3/10
    • Target

      me/123.com

    • Size

      60KB

    • MD5

      d0432468fa4b7f66166c430e1334dbda

    • SHA1

      f72d978f4d1ca1c435b1164e7617464cc06a9381

    • SHA256

      7d99c80a1249a1ec9af0f3047c855778b06ea57e11943a271071985afe09e6c2

    • SHA512

      c6db867f1a240b0524d5854516d36bedf220f256ca0bde5f3529586e83dd52b5ecd4e1e1b89b54f67b117879deb2d51310e9151b3c29836de99f7ae89e24da69

    • SSDEEP

      768:pxwG48P6ESdJHC4F8t1gkXDXmekVZRNbSEln5IyYpamDjobj8SSa:n942hIpitWumbZR/ln5IUmDjoXb

    Score
    1/10
    • Target

      me/alsoOne.bat

    • Size

      75B

    • MD5

      c03f5e2bc4f2307f6ee68675d2026c82

    • SHA1

      4ce65da98f0fd0fc4372b97b3e6f8fbeec32deb3

    • SHA256

      6a9b7c289d7338760dd38d42a9e61d155ae906c14e80a1fed2ec62a4327a4f71

    • SHA512

      9226d19ba2bb0a196fe8dc2e45e40e46acbd1674e0a3469eb0f1da3fc9f488fd11042e9493c1d3d3925e2cc0e5bf33ee1d167e684a34f5c07bdb3ca36d69efd8

    Score
    1/10
    • Target

      me/canWell.js

    • Size

      389B

    • MD5

      6bb867e53c46aa55a3ae92e425c6df91

    • SHA1

      6d4f1a9658baccd2e406454b2ad40ca2353916ab

    • SHA256

      5b51bd2518ad4b9353898ed329f1b2b60f72142f90cd7e37ee42579ee1b645be

    • SHA512

      4a1a0a4fd5a9c48f56ea58a40eccb65470a81852ae2a3a5511608e3af4818b8265510e85367126b1dc1d63825cb038fa266bd7f52d0fecaa845e060f202554ad

    Score
    1/10
    • Target

      me/itsIt.db

    • Size

      351KB

    • MD5

      60375d64a9a496e220b6eb1b63e899b3

    • SHA1

      d1b2dd93026b83672118940df78a41e2ee02be80

    • SHA256

      8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de

    • SHA512

      94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f

    • SSDEEP

      6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx
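The IOCs above in working form, as an added example that is not part of the report or of the sandbox's own tooling: a Python hunt helper that carries the report's SHA256 table and extracted config, classifies requested URLs against the listed C2 hosts, treats config.edge.skype.com as the decoy it is, and flags the build's base_path/extension pair on any host the report does not list. The proxy-log format, every line in SAMPLE_LOG and the assumed beacon URI shape `<base_path><data><extension>` are constructions for illustration, not facts the report states.

```python
"""Hunting helper assembled from the IOCs in the report above.

This is an added example, not part of the report or of the sandbox's own
tooling.  The proxy-log format and every line in SAMPLE_LOG are constructed
for illustration, and the beacon URI shape <base_path><data><extension> is an
assumption drawn from the config's base_path/extension fields, not something
the report states.
"""
import hashlib
import re

# SHA256 values copied from the report, keyed by the file names it lists.
REPORT_SHA256 = {
    "3488164.iso": "e999890ce5eb5b456563650145308ae837d940e38aec50d2f02670671d472b99",
    "6570872.lnk": "16323b3e56a0cbbba742b8d0af8519f53a78c13f9b3473352fcce2d28660cb37",
    "me/123.com": "7d99c80a1249a1ec9af0f3047c855778b06ea57e11943a271071985afe09e6c2",
    "me/alsoOne.bat": "6a9b7c289d7338760dd38d42a9e61d155ae906c14e80a1fed2ec62a4327a4f71",
    "me/canWell.js": "5b51bd2518ad4b9353898ed329f1b2b60f72142f90cd7e37ee42579ee1b645be",
    "me/itsIt.db": "8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de",
}

# C2 entries from the extracted gozi_ifsb config.  config.edge.skype.com is a
# legitimate Microsoft host; Gozi/ISFB configs routinely carry one such entry
# as a connectivity check or decoy, so it is tracked separately and not blocked.
C2_HOSTS = {"superstarts.top", "superlist.top", "internetcoca.in", "193.106.191.163"}
DECOY_HOSTS = {"config.edge.skype.com"}
BASE_PATH = "/drew/"  # config attribute base_path
EXTENSION = ".jlk"    # config attribute extension

# Assumed beacon shape: base_path, opaque data (may contain slashes), extension,
# then end of path or a query/fragment.
BEACON_URI = re.compile(
    re.escape(BASE_PATH) + r"[^\s?#]+" + re.escape(EXTENSION) + r"(?=[?#]|$)"
)
URL_RE = re.compile(r"^https?://(?P<host>[^/:\s]+)(?::\d+)?(?P<path>/\S*)?$")
# Constructed log format: <timestamp> <client> <method> <url> <status>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+[A-Z]+\s+(?P<url>\S+)\s+\d{3}$")


def classify_url(url):
    """Return 'c2', 'decoy', 'beacon-uri' or 'clean' for one requested URL.

    'beacon-uri' flags the config's path/extension pair on a host the report
    does not list: a build's base_path and extension tend to outlive any single
    C2 domain, so that pair is the signal worth keeping once the domains rotate.
    """
    m = URL_RE.match(url.strip())
    if not m:
        return "clean"
    host = m.group("host").lower()
    path = m.group("path") or "/"
    if host in C2_HOSTS:
        return "c2"
    if host in DECOY_HOSTS:
        return "decoy"
    if BEACON_URI.search(path):
        return "beacon-uri"
    return "clean"


def hunt(log_lines):
    """Scan proxy lines in the constructed format; return (ts, src, verdict, url) hits."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; a real pipeline would count and surface these
        verdict = classify_url(m.group("url"))
        if verdict != "clean":
            hits.append((m.group("ts"), m.group("src"), verdict, m.group("url")))
    return hits


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Stream a file through SHA256 so a large ISO does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def identify_hash(hexdigest):
    """Name of the report entry with this SHA256, or None if it is not listed."""
    by_hash = {v: k for k, v in REPORT_SHA256.items()}
    return by_hash.get(hexdigest.lower())


# Constructed sample lines (not from the report): one beacon to a listed C2,
# the decoy check-in, a beacon-shaped URI on an unlisted host, a benign request.
SAMPLE_LOG = [
    "2022-08-26T09:12:04Z 10.20.0.15 GET http://superstarts.top/drew/kQ8fT2aB/xYz.jlk 200",
    "2022-08-26T09:12:03Z 10.20.0.15 GET https://config.edge.skype.com/ 200",
    "2022-08-26T09:14:31Z 10.20.0.15 GET http://203.0.113.9/drew/Wm3n.jlk?1 404",
    "2022-08-26T09:15:00Z 10.20.0.22 GET https://example.org/index.html 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(*hit)
    print(identify_hash(REPORT_SHA256["me/itsIt.db"]))
```

The 'decoy' verdict is deliberately kept separate from 'c2': seeing config.edge.skype.com next to a /drew/...jlk request is useful corroboration on a timeline, but the host itself belongs on no blocklist. To check a sample in hand against the report, run sha256_file on each extracted member and pass the digest to identify_hash.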

MITRE ATT&CK Enterprise v6

Tasks