1dde14f14004d0953532c4c095e1aba0cbafacf1c9c4d0ef1a98f90a0145ab85

General

Target: 1dde14f14004d0953532c4c095e1aba0cbafacf1c9c4d0ef1a98f90a0145ab85
Size: 908KB
Sample: 220520-hk1h8ahefq
Score: 10/10
MD5: db425b3a2847a2f961705308e20062ba
SHA1: c45633e73b54ae0de2f4b825f9f2097a582f0ca8
SHA256: 1dde14f14004d0953532c4c095e1aba0cbafacf1c9c4d0ef1a98f90a0145ab85
SHA512: aa32fd04d3a242d1d3c0205cc0292aa501c442728352f44f655a18164d98c9f685c9237120641056e01276a1bfcb2a2702e59eafb2ec1fc948d71c9856a7a2c3

Malware Config

Extracted (1)
Family: gozi_rm3
Attributes:
  build: 300854

Extracted (2)
Family: gozi_rm3
Botnet: 202004141
C2: https://devicelease.xyz
Attributes:
  build: 300854
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  exe_type: loader
  server_id: 12
  url_path: index.htm
  rsa_pubkey.plain
  serpent.plain
Targets

Target: 1dde14f14004d0953532c4c095e1aba0cbafacf1c9c4d0ef1a98f90a0145ab85
Filesize: 908KB
Score: 10/10
MD5: db425b3a2847a2f961705308e20062ba
SHA1: c45633e73b54ae0de2f4b825f9f2097a582f0ca8
SHA256: 1dde14f14004d0953532c4c095e1aba0cbafacf1c9c4d0ef1a98f90a0145ab85
SHA512: aa32fd04d3a242d1d3c0205cc0292aa501c442728352f44f655a18164d98c9f685c9237120641056e01276a1bfcb2a2702e59eafb2ec1fc948d71c9856a7a2c3

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 9/10
behavioral1: 10/10
behavioral2: 10/10