Overview

overview

10

Static

static

9

b1a7d6896b...79.exe

windows7_x64

10

b1a7d6896b...79.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1a7d6896b9bef47757f10e15b7d8c08412e76886670f0e19405b1e018faff79

  • Size

    908KB

  • Sample

    220520-hjvataeeb8

  • MD5

    19b5066abcb8b635553de7475ed4b021

  • SHA1

    bdfe5514a0b5147506288151b74bd948e10f200a

  • SHA256

    b1a7d6896b9bef47757f10e15b7d8c08412e76886670f0e19405b1e018faff79

  • SHA512

    aa02165b0eae309090a3ab913b5a283d36012b43245e7efa0033c56f5bb5bfd4d52c337a250ae28cbc8100c865fd150627f1e55ee680d0d73f8b7d0747260243

Score
10/10
gozi_rm3202004141bankercryptonepackertrojan

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      b1a7d6896b9bef47757f10e15b7d8c08412e76886670f0e19405b1e018faff79

    • Size

      908KB

    • MD5

      19b5066abcb8b635553de7475ed4b021

    • SHA1

      bdfe5514a0b5147506288151b74bd948e10f200a

    • SHA256

      b1a7d6896b9bef47757f10e15b7d8c08412e76886670f0e19405b1e018faff79

    • SHA512

      aa02165b0eae309090a3ab913b5a283d36012b43245e7efa0033c56f5bb5bfd4d52c337a250ae28cbc8100c865fd150627f1e55ee680d0d73f8b7d0747260243

    Score
    10/10
    gozi_rm3202004141bankertrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks