General

  • Target

    561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79

  • Size

    424KB

  • MD5

    74de068240e3db03ee19c9d317a29934

  • SHA1

    5ceb7b29a7bca4e00fab28c4174556ca58bdb560

  • SHA256

    561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79

  • SHA512

    eba6546bbe8ee2dc5221022ff934270cc6dfb5f2eb5664f0c1225930b34a30453f72d196436761a75d452cb6e3d2c05393f5d08efe244c209f156dacb24b2bd4

  • SSDEEP

    6144:0YtGd/ySWTam85idpqgtyUKNaTBfCmevU7+t:0YgtySWTam85s/g6BfXeZt

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

202201

C2


Attributes
  • base_path

    /drew/

  • build

    250224

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE

    Checks for missing Authenticode signature.

Files

  • 561a3b421704cfd21806fccd5b3badd2ebf1f7dcbe369ce491f6dec783a16f79
    .exe windows:4 windows x86 arch:x86
