General
Target

Software Two Pty Ltd

Size

279KB

Sample

210525-578q7k73ej

Score

10/10

MD5

e51e8d553d497180c028cbd9b3123d32

SHA1

902d5707d5e8d6d4e6f6e60e1b95aea5609723c6

SHA256

8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8

SHA512

5ed08018b744233fd72f3c283b55e3809cc628e6d82edcbdf6f9ae6170c6e20faa8fc499d0949fc68695f98d757701418247b955f261a95bf7b6dc31b155f437

Malware Config

Extracted

Family

gozi_rm3

Botnet

202105141

C2

https://robonight.xyz

Attributes

build: 300968
exe_type: loader
non_target_locale: RU
server_id: 12
url_path: index.htm
rsa_pubkey.plain
serpent.plain

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score

N/A

behavioral1

Score

10/10

behavioral2

Score

10/10