General

  • Target: 5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447
  • Size: 222KB
  • Sample: 220215-pykhgsgccn
  • MD5: a170bdf372a5df4ba8b9b50fc81b9b81
  • SHA1: 14f162af3858983efa3e4e58d88727d09274d680
  • SHA256: 5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447
  • SHA512: c0817c33a30f31b8a22f32cd2eafa17b1fa00da2b2047a87f57f568484de3e9e734bfd8078f6fb0ac7b86ccc2df7eed45fd4706b57877a18c6178e42b62d6031

Score
10/10

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 9090

C2


Attributes
  • base_path: /images/
  • dga_season: 10
  • dns_servers: 107.174.86.134, 107.175.127.22
  • exe_type: worker
  • extension: .avi
  • server_id: 12

rsa_pubkey.plain
serpent.plain

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Enterprise v6

Tasks