Resubmissions

04-02-2021 17:01

210204-xrtmp5vtf6 10

04-02-2021 15:50

210204-tkhxpx8dz2 10

02-02-2021 23:28

210202-3js6anf7f2 10

General

  • Target

    33.dll

  • Size

    504KB

  • Sample

    210204-tkhxpx8dz2

  • MD5

    e3544f6cbe6b26af70c091ad6575a40f

  • SHA1

    e4b6104981b735e2f1620fc27bb45fff539ee8ce

  • SHA256

    5c428be510eee72712f41a9cd50292b5f45fcce039cca43c5f6238dab1d0021e

  • SHA512

    7f4144351e84f9b6a746a682f2be72f9784ff14dcb9be1251c143bb73864aadb1621c29ece7ce86a25086bad35dfe9378a86c4393e582fb82029c3711df608ef

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3300

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes
  • build

    250171

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      33.dll

    • Size

      504KB

    • MD5

      e3544f6cbe6b26af70c091ad6575a40f

    • SHA1

      e4b6104981b735e2f1620fc27bb45fff539ee8ce

    • SHA256

      5c428be510eee72712f41a9cd50292b5f45fcce039cca43c5f6238dab1d0021e

    • SHA512

      7f4144351e84f9b6a746a682f2be72f9784ff14dcb9be1251c143bb73864aadb1621c29ece7ce86a25086bad35dfe9378a86c4393e582fb82029c3711df608ef

MITRE ATT&CK Matrix

Tasks