Overview

overview

10

Static

static

15d38a78dd...a3.exe

windows7_x64

10

15d38a78dd...a3.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15d38a78dd74d9fe7c4a2c097323b9d7850a588c3d18a7b43b7f3ca95cc9b5a3

  • Size

    619KB

  • Sample

    220520-hk611aeef9

  • MD5

    34f622d486c6f3a141ee476669872903

  • SHA1

    18cc1dde085f47975fcaa9dee5c9026e022243c9

  • SHA256

    15d38a78dd74d9fe7c4a2c097323b9d7850a588c3d18a7b43b7f3ca95cc9b5a3

  • SHA512

    f08accb9a2517448ec033a8122989bbb20e2d1a4270b37c9d97723ac2a3db93b8d2bd4d7d2b69b5bc0c19c53b4d825b9839af149bcce0297ec2abedf9610ef24

Score
10/10
gozi_rm390020242bankertrojan

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300900

Extracted

Family

gozi_rm3

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build

    300900

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      15d38a78dd74d9fe7c4a2c097323b9d7850a588c3d18a7b43b7f3ca95cc9b5a3

    • Size

      619KB

    • MD5

      34f622d486c6f3a141ee476669872903

    • SHA1

      18cc1dde085f47975fcaa9dee5c9026e022243c9

    • SHA256

      15d38a78dd74d9fe7c4a2c097323b9d7850a588c3d18a7b43b7f3ca95cc9b5a3

    • SHA512

      f08accb9a2517448ec033a8122989bbb20e2d1a4270b37c9d97723ac2a3db93b8d2bd4d7d2b69b5bc0c19c53b4d825b9839af149bcce0297ec2abedf9610ef24

    Score
    10/10
    gozi_rm390020242bankertrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks