General

  • Target

    471886773df69712e2de80d276f6c2feb40a92885e999377b5a7026db51b4b17

  • Size

    619KB

  • Sample

    220520-hkqn1seee2

  • MD5

    2867e8c519840f863645d76b91aa667e

  • SHA1

    7e0897de65c7f42d77edde1bbebec462bf79a673

  • SHA256

    471886773df69712e2de80d276f6c2feb40a92885e999377b5a7026db51b4b17

  • SHA512

    743592d303bdce01ffcd45ebe41c0cec10bb7f463a5011e31de9e122b78def835d4e66f97de4205c97a832d4151b158eec7cf5fe42ad42b5e16eb84512fd2e6a

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300900

Extracted

Family

gozi_rm3

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build

    300900

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnLBIFd8ENlbWBR6Mve3hFdwUQ
KngeHDeI6ZHfdoSY5iiGvcAu6O6F+f9hBJzYA9LsJqVLMvXTQMahO053kuqc9pRN
TJW6SoyOgLPfMhl5Q2+9qBvWUQzDH3vbOrJD0p79sTnfsMikRQ6+wVQ9+g++o28i
eNAgaJpU4bqwW1JmawIDAQAB
-----END PUBLIC KEY-----
serpent.plain
GixufGwVe0SpF7gm

