Overview

overview

10

Static

static

10

a353dfb1b5...fc.dll

windows7_x64

1

a353dfb1b5...fc.dll

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc

  • Size

    68KB

  • MD5

    08872d5cfea82b5e0ccbea0392013acc

  • SHA1

    fff6a5844df8e60213214fbbe687e86fd2d34a93

  • SHA256

    a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc

  • SHA512

    34232c94f92f491f0ee73717a4ca4df339adc74ff0bf2b1e7fe24d4f4ba015dba7f91b03c2becfa196d32967d0ab204086a894b26d43f251a96cbbe1563b8ede

Score
10/10
40000gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Botnet

40000

C2

https://daycareforyou.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Signatures

Files

  • a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc
    .dll windows x86