General

  • Target

    626ac6ea1fecfba24f8c2a18ff724875b0d2574a006e1614fc89529b5848a21b

  • Size

    1.1MB

  • Sample

    220214-h3cvwahhak

  • MD5

    c2431a2718c977fee0be4b4a87452e76

  • SHA1

    51aab5676991f76dede05dd3bca9747a32921338

  • SHA256

    626ac6ea1fecfba24f8c2a18ff724875b0d2574a006e1614fc89529b5848a21b

  • SHA512

    8c687d700a804937e9577970b151ea947781b1ae776d35a710520a7bc2dd1745ac3dccea4e323ff60ddc29d000ecd71002a0050d32242cc18035838ac3ee4220

Malware Config

Extracted

Family

gozi_ifsb

Botnet

2500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes
  • build

    250188

  • exe_type

    loader

  • server_id

    580


