General

  • Target

    c486d8579308999b7d9f8cbb6de33b7a3976b9db5b98c06b7744adf5d5d11caf

  • Size

    196KB

  • MD5

    c9bd16862ae56ec22ca70e30af4a4c8d

  • SHA1

    fa373e7657225b3bf681cbba1021a85b238c127e

  • SHA256

    c486d8579308999b7d9f8cbb6de33b7a3976b9db5b98c06b7744adf5d5d11caf

  • SHA512

    4467af98ff380fd03abc70270bedd29f1857b78f44e0ac6cb387c745b5e122eb8ed7ef33d5b28f4be4761857047768696a0f97150ef8407dc88484274f92f00a

  • SSDEEP

    6144:ZyrhJimqlal587TQeE1j7iknp3uCBA1VPM6C84JZ9v8/AXZS:ZoJzqglK7TZE1j7Zp+Cq1VPMc4rv8/

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1500

C2

api10.v8engine.at/webstore

b.in100k.at/webstore

vo5vuw5tdkqetax4.onion/webstore

api12.apgolop.at/webstore

extra.avareg.cn/webstore

d6djf2vtjv5kowow.onion/webstore

foo.up100n.at/webstore

h22.feel500.at/webstore

zq4aggr2i6hmklgd.onion/webstore

free.up100n.at/webstore

b52.mo100.at/webstore

api10.apgolop.at/webstore

Attributes
  • build

    250152

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    worker

  • server_id

    550

rsa_pubkey.plain
serpent.plain

Signatures

Files

  • c486d8579308999b7d9f8cbb6de33b7a3976b9db5b98c06b7744adf5d5d11caf
    .dll windows x86

    af61b1f5a22d930fb70c58ff31e34414


    Code Sign

    Headers

    Imports

    Sections