237f7eb7e6d3d75911144e8d5ca6239d8eafe4f6b4ad65695fa61d5b3d5ac25e

General
Target

237f7eb7e6d3d75911144e8d5ca6239d8eafe4f6b4ad65695fa61d5b3d5ac25e

Size

908KB

Sample

220520-hkza6aeef4

Score
10 /10
MD5

1e22758ce16928ffe1e84c365a9b98af

SHA1

ef0025837c81ce28d7d5098f8249337451d7054f

SHA256

237f7eb7e6d3d75911144e8d5ca6239d8eafe4f6b4ad65695fa61d5b3d5ac25e

SHA512

3f4b729f376068631d1ca322985218c02bc8159330d11fe64389e0aa242ea4baf77557f9dc09f23f997f6a9c1c4cae16d0513b0c1dee6b95cf1b40ac43c187c6

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

237f7eb7e6d3d75911144e8d5ca6239d8eafe4f6b4ad65695fa61d5b3d5ac25e

MD5

1e22758ce16928ffe1e84c365a9b98af

Filesize

908KB

Score
10/10
SHA1

ef0025837c81ce28d7d5098f8249337451d7054f

SHA256

237f7eb7e6d3d75911144e8d5ca6239d8eafe4f6b4ad65695fa61d5b3d5ac25e

SHA512

3f4b729f376068631d1ca322985218c02bc8159330d11fe64389e0aa242ea4baf77557f9dc09f23f997f6a9c1c4cae16d0513b0c1dee6b95cf1b40ac43c187c6

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10