General

  • Target

    JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c

  • Size

    56KB

  • MD5

    6f72ecaeaf6d8b0a06f0da5ae3754dbe

  • SHA1

    42750e04efcfec1868d5d80287d212e7f2a2abb6

  • SHA256

    15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c

  • SHA512

    0c9c3c62d630bad4a3245b9e6b30133b6b78f8b0faa3d611ea4ce912d126f380bfbfc0149bdb6d79580acccd12980076165c7b4cc0787816cba2908b8124c3e7

  • SSDEEP

    768:AWoCPLUiJVkvxey5eb8EvnVBosnO1T2VOYcV0HRoJvv5E:AWoM//t2eblt6T2VOcihv

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7625

C2

sistemliner.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections