Resubmissions

  • 23-08-2021 18:19    210823-zsnm2vq9pj    10
  • 24-12-2020 08:17    201224-d3h89dhrs2    10

General

  • Target: 06369d24c347761e4c618f4759c0de01.zip
  • Size: 118KB
  • Sample: 210823-zsnm2vq9pj
  • MD5: fb31b6d4fde820eea2877612ad71caf3
  • SHA1: a08d51b9722765693cb57125be858c12142a511c
  • SHA256: decc5373395af97614b932bb9bd99d8febd84cfd8ca09cc7d765f187c9253907
  • SHA512: 06d858df58de31f3f203cbd1b485e13c99ebcde6542978e1c76eb07c5c213237e42e5b891b65354885e0d502f7b98a4532cbc2eb3f15dd36065979585f344e77

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 1100
  • C2: api10.laptok.at/api1

Attributes

  • build: 250155
  • dga_base_url: constitution.org/usdeclar.txt
  • dga_crc: 0x4eb7d2ca
  • dga_season: 10
  • dga_tlds: com, ru, org
  • exe_type: loader
  • server_id: 730

  • rsa_pubkey.plain
  • serpent.plain
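The extracted config gives two network indicators worth turning into detection logic straight away: the C2 endpoint api10.laptok.at/api1, and the public text file constitution.org/usdeclar.txt that the sample's DGA uses as its word source (an endpoint fetching that file is not malicious on its own, but it is a useful weak signal alongside the C2 hit). The matcher below is an added example, not part of the sandbox report or of any Triage tooling. The proxy log lines and their "timestamp client method url status" layout are constructed for illustration; the hash set reuses the MD5 and SHA256 values listed on this page.

```python
"""Match the Gozi/ISFB indicators from this report against proxy logs.

Added example, not part of the sandbox report. The log format below
("timestamp client method url status") is an assumption made for the
demo, and the log lines themselves are constructed.
"""
from urllib.parse import urlsplit

# Indicators taken from the extracted config on this page.
C2_HOST = "api10.laptok.at"
C2_PATH = "/api1"                 # ISFB posts beacons below this path
DGA_SEED_HOST = "constitution.org"
DGA_SEED_PATH = "/usdeclar.txt"   # dga_base_url: the DGA's word source

# File hashes listed in the General and Targets sections.
SAMPLE_HASHES = {
    "md5": {
        "fb31b6d4fde820eea2877612ad71caf3",
        "06369d24c347761e4c618f4759c0de01",
    },
    "sha256": {
        "decc5373395af97614b932bb9bd99d8febd84cfd8ca09cc7d765f187c9253907",
        "5e320cafb35de3e8f8c8c5878fe399143eda3b5a8b2076171754c97f350135a6",
    },
}

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
2021-08-23T18:20:01Z 10.0.0.12 GET http://constitution.org/usdeclar.txt 200
2021-08-23T18:20:03Z 10.0.0.12 POST http://api10.laptok.at/api1/xmy7Ow2 200
2021-08-23T18:20:05Z 10.0.0.33 GET http://www.example.com/index.html 200
2021-08-23T18:20:07Z 10.0.0.45 GET http://API10.LAPTOK.AT:80/api1 404
malformed line
""".splitlines()


def classify_url(url):
    """Return 'c2', 'dga_seed' or None for one requested URL.

    Host matching is exact and case-insensitive (urlsplit lowercases the
    hostname and drops any port); the C2 match accepts /api1 itself or
    anything below it, so /api10 does not match.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    path = parts.path or "/"
    if host == C2_HOST and (path == C2_PATH or path.startswith(C2_PATH + "/")):
        return "c2"
    if host == DGA_SEED_HOST and path == DGA_SEED_PATH:
        return "dga_seed"
    return None


def scan_proxy_log(lines):
    """Return (client, verdict, url) for every line that hits an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of aborting the scan
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict:
            hits.append((client, verdict, url))
    return hits


def matches_sample_hash(algo, digest):
    """True if a hex digest equals one of the hashes listed in the report."""
    return digest.lower() in SAMPLE_HASHES.get(algo, set())


if __name__ == "__main__":
    for client, verdict, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{client:<10} {verdict:<9} {url}")
```

Note what the config does not let you do: without the DGA algorithm itself, the dga_crc, dga_season and dga_tlds values only narrow the search space (three TLDs, a seed that changes on a 10-day cadence), so the matcher above sticks to the two literal indicators and leaves DGA-domain prediction out.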

Targets

  • Target: 5e320cafb35de3e8f8c8c5878fe399143eda3b5a8b2076171754c97f350135a6
  • Size: 619KB
  • MD5: 06369d24c347761e4c618f4759c0de01
  • SHA1: b76ab3c1e5a5fbe177030fd6e4a2c082c2f43264
  • SHA256: 5e320cafb35de3e8f8c8c5878fe399143eda3b5a8b2076171754c97f350135a6
  • SHA512: c2efe5c5d999961a345a06d49361e5fb7cfa6f8ca13ec1d919279c99fa8863394157b2f6c9695922fc172d5322157360549f1a048fff648f2cab9d7fe7436547
