General

  • Target

    3cfe0f6e176a3c127646e373980ede78bcf189951caec236db21454504033ad9

  • Size

    909KB

  • Sample

    220520-hkt2faeee6

  • MD5

    1fae07e8cbaa694216d6dd1296243aab

  • SHA1

    87ca54b9560ba3a1600d6d1dc32414bac1bf0e36

  • SHA256

    3cfe0f6e176a3c127646e373980ede78bcf189951caec236db21454504033ad9

  • SHA512

    48e7a165a3adffafe70459bcb73cac2ad2276b8f08e5a9039ec4f3a4ffcea0735662c4c037c4e6d9972e6836e2fbf8c31236f2b0c734a39979096df432b03654

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      3cfe0f6e176a3c127646e373980ede78bcf189951caec236db21454504033ad9

    • Size

      909KB

    • MD5

      1fae07e8cbaa694216d6dd1296243aab

    • SHA1

      87ca54b9560ba3a1600d6d1dc32414bac1bf0e36

    • SHA256

      3cfe0f6e176a3c127646e373980ede78bcf189951caec236db21454504033ad9

    • SHA512

      48e7a165a3adffafe70459bcb73cac2ad2276b8f08e5a9039ec4f3a4ffcea0735662c4c037c4e6d9972e6836e2fbf8c31236f2b0c734a39979096df432b03654

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks