General

  • Target

    0ab16b64a92305fad3b7a89ac458e68d91eeac1a583855cbd12a35c7f86524a4

  • Size

    590KB

  • Sample

    220319-nbhjyagee2

  • MD5

    cce6b64754d50f47c31a6ce2d7b47bec

  • SHA1

    37a43ffb09c402d1b415414ad02c723a678d409e

  • SHA256

    0ab16b64a92305fad3b7a89ac458e68d91eeac1a583855cbd12a35c7f86524a4

  • SHA512

    8fa6ee3532fc51c34527e8592b39f0079ec644980670c168235a1436b7d0c2ec6ccaeb00e42314189ed4d5870e5247bc556b633a5c82b07cb0b3fbb4b111065f

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1265

C2

updates.microsoft.com

remuloga.top

reconders.top

Attributes
  • build

    250167

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
