Overview

overview

10

Static

static

10

worker_500...c6.dll

windows7-x64

3

worker_500...c6.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    worker_5000_877b745551449563ba148c7bc520fb28aefeeeef6cf59e908d65e89c634f10c6.bin

  • Size

    177KB

  • Sample

    221020-tq64qsdbd8

  • MD5

    dcbde2dc1d305ae6dec41559a55458f5

  • SHA1

    09c9a5a0d45b527e68720f5ffa87032132a8e3f8

  • SHA256

    877b745551449563ba148c7bc520fb28aefeeeef6cf59e908d65e89c634f10c6

  • SHA512

    a3ce9f9d6f6034dd708402a2a08ca7a9995d5172e99b0911584d99dbd701a4a87eb986f06d51c339102aaeba78e875a1abe539e5717c9e57c225aae0ff11b143

  • SSDEEP

    3072:rLQsLhnCYPu9BTqN+SxXZHz1/HfGBg2WbnV/Hm+CfbG5aX9S2CkcD2ff+4BoId:AkuX0tH9GLWbnVTCDG6Skc0+ooId

Score
10/10
gozi_ifsb5000

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5000

C2

linesgroup.top

linegroup.top

mmmmmm.bar

puntomails.com

connectgroup.info

onlinesgroup.pw

doctoronliner.ru

dendexmm.com

fortrexmll.com
Attributes
  • base_path

    /images/

  • build

    250246

  • exe_type

    worker

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      worker_5000_877b745551449563ba148c7bc520fb28aefeeeef6cf59e908d65e89c634f10c6.bin

    • Size

      177KB

    • MD5

      dcbde2dc1d305ae6dec41559a55458f5

    • SHA1

      09c9a5a0d45b527e68720f5ffa87032132a8e3f8

    • SHA256

      877b745551449563ba148c7bc520fb28aefeeeef6cf59e908d65e89c634f10c6

    • SHA512

      a3ce9f9d6f6034dd708402a2a08ca7a9995d5172e99b0911584d99dbd701a4a87eb986f06d51c339102aaeba78e875a1abe539e5717c9e57c225aae0ff11b143

    • SSDEEP

      3072:rLQsLhnCYPu9BTqN+SxXZHz1/HfGBg2WbnV/Hm+CfbG5aX9S2CkcD2ff+4BoId:AkuX0tH9GLWbnVTCDG6Skc0+ooId

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks