21d0923114ef92235425c71c45352546b52cf60d0b9f7d9e502aa03bdcf2544b

General

Target: 21d0923114ef92235425c71c45352546b52cf60d0b9f7d9e502aa03bdcf2544b
Size: 72KB
Sample: 220520-hkzxpahefp
Score: 10/10
MD5: 0adad5cf712640fc67bb14bacd19d732
SHA1: 4c9da9788d29e86eeff69307daa11d32d3f4b011
SHA256: 21d0923114ef92235425c71c45352546b52cf60d0b9f7d9e502aa03bdcf2544b
SHA512: 68b2ead48b99c90a0edc14c456d8739da9f939441d934109d5de7410e9d3b71fc7618877d6a79aa8816bc2ca3a8568d0f3416213d57e2a5e7cff99da80e2f6b4

Malware Config

Extracted
Family: gozi_rm3
Attributes:
  build: 300854

Extracted
Family: gozi_rm3
Botnet: 202004022
C2: https://karntnatural.xyz
Attributes:
  build: 300854
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  exe_type: loader
  server_id: 12
  url_path: index.htm
  rsa_pubkey.plain
  serpent.plain

Tasks

static1: 9/10
behavioral1: 10/10
behavioral2: 10/10