Overview

overview

10

Static

static

10

600-57-0x0...ry.dll

windows7-x64

3

600-57-0x0...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    600-57-0x0000000010000000-0x000000001000E000-memory.dmp

  • Size

    56KB

  • Sample

    221020-pmfedsdfc4

  • MD5

    807798f015fc796141f95bb75f4aff3b

  • SHA1

    d7a312ad2792afd930ebf064e653b3cec48cde3e

  • SHA256

    f3b166c484c622948fc255e0848009829734b30e548aacb2b36e231e893fedd1

  • SHA512

    1938beac40fdd3f8dfada694352daa9adf6101ff86cea59ff32d4fed3c3d5760b8abc420701b8f3e73fbde473467eec31672f9b10c7c6a33cec8c80c09824121

  • SSDEEP

    768:A2gGmsx3R69vhvjyRpq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiu6:KGBx3R6HApqlaPGhVMq2LpeReOb2Pmp

Score
10/10
gozi_ifsb5000

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

config.edge.skype.com

onlinetwork.top

linetwork.top
Attributes
  • base_path

    /drew/

  • build

    250246

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      600-57-0x0000000010000000-0x000000001000E000-memory.dmp

    • Size

      56KB

    • MD5

      807798f015fc796141f95bb75f4aff3b

    • SHA1

      d7a312ad2792afd930ebf064e653b3cec48cde3e

    • SHA256

      f3b166c484c622948fc255e0848009829734b30e548aacb2b36e231e893fedd1

    • SHA512

      1938beac40fdd3f8dfada694352daa9adf6101ff86cea59ff32d4fed3c3d5760b8abc420701b8f3e73fbde473467eec31672f9b10c7c6a33cec8c80c09824121

    • SSDEEP

      768:A2gGmsx3R69vhvjyRpq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiu6:KGBx3R6HApqlaPGhVMq2LpeReOb2Pmp

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks