ec7c0c85fd1d2f9f8b6c9b8319f5ff808a519037c3a3489bbdc0c67b3f12cb7d

General

Target: ec7c0c85fd1d2f9f8b6c9b8319f5ff808a519037c3a3489bbdc0c67b3f12cb7d
Size: 908KB
Sample: 220520-1rymbaeca5
Score: 10/10
MD5: db045854025cc3d3e9e59b3638354d59
SHA1: 041103b158776a8dc6173132987715feee031db1
SHA256: ec7c0c85fd1d2f9f8b6c9b8319f5ff808a519037c3a3489bbdc0c67b3f12cb7d
SHA512: f922c9e9d54c6a29978b1902d55269c82443ebc7113b7e1840a39501d0f6b4ba6dac84b67542f20a45cd15a8ba63cade1d42115e388c149cfc5451d371ddd03d

Malware Config

Extracted

Family: gozi_rm3
Attributes:
  build: 300854

Extracted

Family: gozi_rm3
Botnet: 202004141
C2: https://devicelease.xyz
Attributes:
  build: 300854
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  exe_type: loader
  server_id: 12
  url_path: index.htm
  rsa_pubkey.plain: (blob not included in this listing)
  serpent.plain: (blob not included in this listing)
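The extracted configuration above is only useful if it becomes something a SOC can match on. The following is an added example, not Triage's extractor and not code from the sample: it takes the configuration fields as listed on this page, derives indicators from them (the C2 host, the C2 host plus url_path the loader would request, and the host named in dga_base_url), and runs them over a few constructed proxy log lines. It deliberately does not implement the Gozi DGA; the dga_* fields are carried through as context only, and the log line format (timestamp, source IP, method, URL or CONNECT target, status) is an assumption.

```python
"""Turn the gozi_rm3 config extracted in this report into proxy-log indicators.

Added example for this report. Not the sandbox's own code, not the sample's
code, and not an implementation of the Gozi DGA. The log lines below are
constructed; the "ts src method target status" layout is assumed.
"""
from urllib.parse import urlparse

# Values copied from the second extracted configuration on this page.
EXTRACTED_CONFIG = {
    "family": "gozi_rm3",
    "botnet": "202004141",
    "build": "300854",
    "c2": ["https://devicelease.xyz"],
    "url_path": "index.htm",
    "server_id": "12",
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_tlds": ["com", "ru", "org"],
    "dga_season": "10",
    "dga_crc": "0x4eb7d2ca",
}

# Constructed sample proxy log. Line 6 is a TLS CONNECT, which is what a
# non-intercepting proxy records for the https C2 instead of a full URL.
SAMPLE_PROXY_LOG = """\
2020-05-20T13:01:44Z 10.0.3.21 GET https://devicelease.xyz/index.htm 200
2020-05-20T13:01:50Z 10.0.3.21 GET https://www.example.com/ 200
2020-05-20T13:02:03Z 10.0.3.22 GET http://constitution.org/usdeclar.txt 200
2020-05-20T13:02:10Z 10.0.3.21 GET https://devicelease.xyz/favicon.ico 404
2020-05-20T13:02:19Z 10.0.3.23 GET https://cdn.example.org/lib.js 200
2020-05-20T13:03:02Z 10.0.3.24 CONNECT devicelease.xyz:443 200
"""


def build_indicators(cfg):
    """Derive matchable indicators from the extracted config.

    c2_hosts / c2_paths are high confidence. dga_source_host is low
    confidence on its own: constitution.org is a legitimate site, so a fetch
    of that file is corroborating context, not an alert by itself. The DGA
    TLDs (com, ru, org) are far too broad to match on and are kept only as
    context for the analyst.
    """
    c2_hosts = {urlparse(u).hostname for u in cfg["c2"]}
    # dga_base_url has no scheme; prefix "//" so urlparse treats it as netloc.
    dga_source_host = urlparse("//" + cfg["dga_base_url"]).hostname
    return {
        "c2_hosts": c2_hosts,
        "c2_paths": {"/" + cfg["url_path"]},
        "dga_source_host": dga_source_host,
        "dga_tlds": set(cfg["dga_tlds"]),
    }


def scan_proxy_log(log_text, indicators):
    """Return a list of (line_number, reason) for lines hitting an indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than crash
        method, target = parts[2], parts[3]
        if method == "CONNECT":
            # CONNECT target is host:port; there is no path to inspect.
            host, path = target.rsplit(":", 1)[0].lower(), None
        else:
            u = urlparse(target)
            host, path = u.hostname, (u.path or "/")
        if host in indicators["c2_hosts"]:
            reason = "c2_host"
            if path in indicators["c2_paths"]:
                reason = "c2_host+url_path"  # exact beacon shape from config
            hits.append((n, reason))
        elif host == indicators["dga_source_host"]:
            hits.append((n, "dga_base_url_fetch"))  # weak signal, see above
    return hits


if __name__ == "__main__":
    ind = build_indicators(EXTRACTED_CONFIG)
    for line_no, why in scan_proxy_log(SAMPLE_PROXY_LOG, ind):
        print(f"line {line_no}: {why}")
```

Running it flags lines 1, 3, 4 and 6. Treat the "c2_host+url_path" hit as the strongest match, the bare "c2_host" hits (including the CONNECT) as the same infection seen without TLS inspection, and the constitution.org fetch as supporting evidence for the host that made it rather than as an alert on its own.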
Targets

Target: ec7c0c85fd1d2f9f8b6c9b8319f5ff808a519037c3a3489bbdc0c67b3f12cb7d (908KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General above)
MITRE ATT&CK Matrix

Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are listed under any column on this page.

Tasks

static1: 9/10
behavioral1: 10/10
behavioral2: 10/10