4efa75f57f749302c253e2a5c2876065b1a9e1d18d69335dfd5b20c448e749ad

General
Target

4efa75f57f749302c253e2a5c2876065b1a9e1d18d69335dfd5b20c448e749ad

Size

908KB

Sample

220520-113ydshfgq

Score
10 /10
MD5

fb7c225421b32f0cbf238504b32cfce3

SHA1

a9c99744b0bfd7f94d2bded6fc67d3c7639c7b45

SHA256

4efa75f57f749302c253e2a5c2876065b1a9e1d18d69335dfd5b20c448e749ad

SHA512

0010a0f68e8e0d94dfab9a238bf4d0d70bafdeb0c40bbd3ccd207f02da2df714af94055c7d9960a391ef0e84db3f1340e43b3eff4ecd3bbcc8dcc4d96c8be782

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

4efa75f57f749302c253e2a5c2876065b1a9e1d18d69335dfd5b20c448e749ad

MD5

fb7c225421b32f0cbf238504b32cfce3

Filesize

908KB

Score
10/10
SHA1

a9c99744b0bfd7f94d2bded6fc67d3c7639c7b45

SHA256

4efa75f57f749302c253e2a5c2876065b1a9e1d18d69335dfd5b20c448e749ad

SHA512

0010a0f68e8e0d94dfab9a238bf4d0d70bafdeb0c40bbd3ccd207f02da2df714af94055c7d9960a391ef0e84db3f1340e43b3eff4ecd3bbcc8dcc4d96c8be782

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10