General

  • Target

    471886773df69712e2de80d276f6c2feb40a92885e999377b5a7026db51b4b17

  • Size

    619KB

  • Sample

    220520-hkqn1seee2

  • MD5

    2867e8c519840f863645d76b91aa667e

  • SHA1

    7e0897de65c7f42d77edde1bbebec462bf79a673

  • SHA256

    471886773df69712e2de80d276f6c2feb40a92885e999377b5a7026db51b4b17

  • SHA512

    743592d303bdce01ffcd45ebe41c0cec10bb7f463a5011e31de9e122b78def835d4e66f97de4205c97a832d4151b158eec7cf5fe42ad42b5e16eb84512fd2e6a

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300900

Extracted

Family

gozi_rm3

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build

    300900

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      471886773df69712e2de80d276f6c2feb40a92885e999377b5a7026db51b4b17

    • Size

      619KB

    • MD5

      2867e8c519840f863645d76b91aa667e

    • SHA1

      7e0897de65c7f42d77edde1bbebec462bf79a673

    • SHA256

      471886773df69712e2de80d276f6c2feb40a92885e999377b5a7026db51b4b17

    • SHA512

      743592d303bdce01ffcd45ebe41c0cec10bb7f463a5011e31de9e122b78def835d4e66f97de4205c97a832d4151b158eec7cf5fe42ad42b5e16eb84512fd2e6a

MITRE ATT&CK Enterprise v6

Tasks