General

  • Target

    5a06437829417f3cafac0bdbb335300b187d670e66bcf2993ad662d2c672d4d2

  • Size

    908KB

  • Sample

    220215-m67xmsebe8

  • MD5

    452d7b7ded1a8b82959dc61c6d64652b

  • SHA1

    48cbb6c1f87741f3f77f52495bbef7ac296bbc56

  • SHA256

    5a06437829417f3cafac0bdbb335300b187d670e66bcf2993ad662d2c672d4d2

  • SHA512

    86162626ddcae09ae8a37a620a5658fb484a55024b448757b7495341f0017e49515aee0ad1155c9248ff542a3b24260929504a855ab9e638bf1cec6bc0c86ab8

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      5a06437829417f3cafac0bdbb335300b187d670e66bcf2993ad662d2c672d4d2

    • Size

      908KB

    • MD5

      452d7b7ded1a8b82959dc61c6d64652b

    • SHA1

      48cbb6c1f87741f3f77f52495bbef7ac296bbc56

    • SHA256

      5a06437829417f3cafac0bdbb335300b187d670e66bcf2993ad662d2c672d4d2

    • SHA512

      86162626ddcae09ae8a37a620a5658fb484a55024b448757b7495341f0017e49515aee0ad1155c9248ff542a3b24260929504a855ab9e638bf1cec6bc0c86ab8

MITRE ATT&CK Enterprise v6

Tasks