17aa460f2153f58e8b047670d1e80adc999312cf6ae19525cd09d3c39d3ec347

General
Target

17aa460f2153f58e8b047670d1e80adc999312cf6ae19525cd09d3c39d3ec347

Size

908KB

Sample

220520-hk4kwahegk

Score
10 /10
MD5

f83a5495fbea663779d8add4a41bb239

SHA1

c1bb8ecf75163afd86a404bca914384e38251439

SHA256

17aa460f2153f58e8b047670d1e80adc999312cf6ae19525cd09d3c39d3ec347

SHA512

40e0c29e568044699bb8e751dd0dcf9d7a4dcd84dddbea84e14e6366a705bd76f6d8a8870665e036523d5b7cff6112a6402ac45539bb6495786e5127547ebe1e

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

17aa460f2153f58e8b047670d1e80adc999312cf6ae19525cd09d3c39d3ec347

MD5

f83a5495fbea663779d8add4a41bb239

Filesize

908KB

Score
10/10
SHA1

c1bb8ecf75163afd86a404bca914384e38251439

SHA256

17aa460f2153f58e8b047670d1e80adc999312cf6ae19525cd09d3c39d3ec347

SHA512

40e0c29e568044699bb8e751dd0dcf9d7a4dcd84dddbea84e14e6366a705bd76f6d8a8870665e036523d5b7cff6112a6402ac45539bb6495786e5127547ebe1e

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10