General

  • Target

    ef78d1bc0863a7e939b37e2daefe96450cd44e207d52e8663030fb1780eea7ba

  • Size

    126KB

  • Sample

    220320-dypawsgab3

  • MD5

    cbbc58e6c361cadbe803e2b5db17307e

  • SHA1

    86764e2af88b290aa12669369d882a663a264c4d

  • SHA256

    ef78d1bc0863a7e939b37e2daefe96450cd44e207d52e8663030fb1780eea7ba

  • SHA512

    826d8ac99ccd75cd6fa95235ff2979e997d396e30a5ae81c9a7781a02c8560c9398bbda567edfc586d4a14244126cfde58c1f752d68b382bd5872f1337312a2a

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1051

C2

c.s-microsoft.com

ajax.googleapis.com

vlasdmkdmewnfjfnd.xyz

Attributes
  • build

    250166

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      ef78d1bc0863a7e939b37e2daefe96450cd44e207d52e8663030fb1780eea7ba

    • Size

      126KB

    • MD5

      cbbc58e6c361cadbe803e2b5db17307e

    • SHA1

      86764e2af88b290aa12669369d882a663a264c4d

    • SHA256

      ef78d1bc0863a7e939b37e2daefe96450cd44e207d52e8663030fb1780eea7ba

    • SHA512

      826d8ac99ccd75cd6fa95235ff2979e997d396e30a5ae81c9a7781a02c8560c9398bbda567edfc586d4a14244126cfde58c1f752d68b382bd5872f1337312a2a

MITRE ATT&CK Enterprise v6

Tasks