6516805C322B33C1017F60314548D9A6

General

Target: 6516805C322B33C1017F60314548D9A6
Size: 583KB
Sample: 210309-kxbe8wzgge
Score: 10/10
MD5: 6516805c322b33c1017f60314548d9a6
SHA1: bf46387cc42242434ba8aa788974a3f851e12e85
SHA256: 8f6ee0292d691bd26c1faf3c18ab30956f00a1cdc4e93a26958a559d96b400c0
SHA512: c81c4c963bced891449458ea0936dab5e9eea904e78ef2fd3fcbd43aae49cb60c5343c0bc1756fa6f5efdd312dc2dc6fd0d698246cb56743435260796f74432c

Malware Config

Extracted

Family: gozi_rm3
Botnet: 40000
C2: https://fleekstar.xyz

Attributes
build: 300848
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
server_id: 12
url_path: index.htm
rsa_pubkey.base64
serpent.plain
Targets

Tags

Signatures

  • Gozi RM3

    Description

    A heavily modified version of Gozi using RM3 loader.

    Tags

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 9/10
behavioral1: 10/10