Overview

overview

10

Static

static

ff2bfad5b4...f8.exe

windows7_x64

10

ff2bfad5b4...f8.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff2bfad5b492326d261f4106160d31e159bdb413b7e8c7aa1a96b29c53f25ff8

  • Size

    619KB

  • Sample

    220520-hh9n4shdhn

  • MD5

    498f445531d6834a1bd1f53801711e73

  • SHA1

    0397f3fd7fbe7c52cc29589a6bd41b739c771838

  • SHA256

    ff2bfad5b492326d261f4106160d31e159bdb413b7e8c7aa1a96b29c53f25ff8

  • SHA512

    e4e53b7f6ddae1776b06657d601f1d35b69a548e191d90cd6f44710aa862d0a4413e3c59b9baff5f85f42d5e48e1d667767a010cd322fe7a651e772720880329

Score
10/10
gozi_rm390020242bankertrojan

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300900

Extracted

Family

gozi_rm3

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build

    300900

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      ff2bfad5b492326d261f4106160d31e159bdb413b7e8c7aa1a96b29c53f25ff8

    • Size

      619KB

    • MD5

      498f445531d6834a1bd1f53801711e73

    • SHA1

      0397f3fd7fbe7c52cc29589a6bd41b739c771838

    • SHA256

      ff2bfad5b492326d261f4106160d31e159bdb413b7e8c7aa1a96b29c53f25ff8

    • SHA512

      e4e53b7f6ddae1776b06657d601f1d35b69a548e191d90cd6f44710aa862d0a4413e3c59b9baff5f85f42d5e48e1d667767a010cd322fe7a651e772720880329

    Score
    10/10
    gozi_rm390020242bankertrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks