General

  • Target

    a088841ceeaee1306585579ef9a72980.dll

  • Size

    286KB

  • Sample

    210210-9rk4ylw342

  • MD5

    a088841ceeaee1306585579ef9a72980

  • SHA1

    fa643f530d8662b61ba459dae488332945e203a5

  • SHA256

    874342cb9571e9c05d9e29b415c42767df9ca677abfd9867ad23f966cdc6e80a

  • SHA512

    8f78fa6b0b76d3b11a1f0f6f2d990486e950d140dd5d692c3c8112643c730a47d83e93259bf362074b6c826f0a57dac81974b1d4e65fa9c0ddc981ac75cd3aa1

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2200

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes
  • build

    250171

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      a088841ceeaee1306585579ef9a72980.dll

    • Size

      286KB

    • MD5

      a088841ceeaee1306585579ef9a72980

    • SHA1

      fa643f530d8662b61ba459dae488332945e203a5

    • SHA256

      874342cb9571e9c05d9e29b415c42767df9ca677abfd9867ad23f966cdc6e80a

    • SHA512

      8f78fa6b0b76d3b11a1f0f6f2d990486e950d140dd5d692c3c8112643c730a47d83e93259bf362074b6c826f0a57dac81974b1d4e65fa9c0ddc981ac75cd3aa1

MITRE ATT&CK Matrix

Tasks