General

  • Target

    eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0

  • Size

    462KB

  • Sample

    220208-ydxfzsdhgk

  • MD5

    91543c693baf658d6e59cc0c676db2d4

  • SHA1

    0a00cbe757b2092cf859b73e63be2b51a0020407

  • SHA256

    eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0

  • SHA512

    3f29f8dd5d32f33aa755fd08007d4cc2675dbe819669900806ae5d327be18035aa08bd7f23d91f8fa0d2fec188c1c8bc165f33d6408d0d8cb8bd21c083e633ff

Malware Config

Extracted

  • Family

    gozi_rm3

  • Attributes

    build: 300898

Extracted

  • Family

    gozi_rm3

  • Botnet

    89820235

  • C2

    https://exeupay.xyz

  • Attributes

    build: 300898
    exe_type: loader
    server_id: 12
    url_path: index.htm

  • rsa_pubkey.plain

  • serpent.plain

Targets

  • Target

    eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0

  • Size

    462KB

  • MD5

    91543c693baf658d6e59cc0c676db2d4

  • SHA1

    0a00cbe757b2092cf859b73e63be2b51a0020407

  • SHA256

    eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0

  • SHA512

    3f29f8dd5d32f33aa755fd08007d4cc2675dbe819669900806ae5d327be18035aa08bd7f23d91f8fa0d2fec188c1c8bc165f33d6408d0d8cb8bd21c083e633ff

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1
