26abb23658a1829ab32e9571659eb160043e35e0100124c5c612e8e31e81cfb4

General
Target

26abb23658a1829ab32e9571659eb160043e35e0100124c5c612e8e31e81cfb4

Size

909KB

Sample

220520-hkxsbseef2

Score
10 /10
MD5

b05e538afe8cb9d55f0e61720626310c

SHA1

c3154048ac74ceac75fdc62820ef66f1bdb31334

SHA256

26abb23658a1829ab32e9571659eb160043e35e0100124c5c612e8e31e81cfb4

SHA512

c668ab5c2686c84c329948c2bf72b7e1c20ea81e3a3706367655cdbb8f67c3d724b82a29252e5fc9c498c664338d370366df95cc806e58fc7738320962ca166c

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

26abb23658a1829ab32e9571659eb160043e35e0100124c5c612e8e31e81cfb4

MD5

b05e538afe8cb9d55f0e61720626310c

Filesize

909KB

Score
10/10
SHA1

c3154048ac74ceac75fdc62820ef66f1bdb31334

SHA256

26abb23658a1829ab32e9571659eb160043e35e0100124c5c612e8e31e81cfb4

SHA512

c668ab5c2686c84c329948c2bf72b7e1c20ea81e3a3706367655cdbb8f67c3d724b82a29252e5fc9c498c664338d370366df95cc806e58fc7738320962ca166c

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10