1844sase.exe

General
Target

1844sase.exe

Size

332KB

Sample

210309-7n13ybp6e6

Score
10 /10
MD5

51373389a8df39b4101b69346e3ba336

SHA1

022acbdec0f0fa53874aa959dccebe107d6b871f

SHA256

c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa

SHA512

d09efb3f00adacd97a46d9bbcbb9b0c2b7a78db66ad57e9491f8ad73d1c5b242b5e4248d61254058123e0d795dd95a7560cbb73252872ff2ebd79ace58f843fc

Malware Config

Extracted

Family gozi_rm3
Botnet 92020291
C2

https://vilecorbeanca.xyz

Attributes
build
300913
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm
rsa_pubkey.base64
serpent.plain
Targets
Target

1844sase.exe

MD5

51373389a8df39b4101b69346e3ba336

Filesize

332KB

Score
10 /10
SHA1

022acbdec0f0fa53874aa959dccebe107d6b871f

SHA256

c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa

SHA512

d09efb3f00adacd97a46d9bbcbb9b0c2b7a78db66ad57e9491f8ad73d1c5b242b5e4248d61254058123e0d795dd95a7560cbb73252872ff2ebd79ace58f843fc

Tags

Signatures

  • Gozi RM3

    Description

    A heavily modified version of Gozi using RM3 loader.

    Tags

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10