General

  • Target

    d3787d8d0b8e4e6db017b9420c749273f611e378887caba77a50620f2039f5bd

  • Size

    908KB

  • Sample

    220520-w4q1saehhm

  • MD5

    d2c2434c6b9bbf83f922d31d3a3e8308

  • SHA1

    56dfe39a47ff46eda0aa0d691bfff4e4177b209b

  • SHA256

    d3787d8d0b8e4e6db017b9420c749273f611e378887caba77a50620f2039f5bd

  • SHA512

    948089e820f0075d0859a400cb3fed16f209b9a51652f8fdb5905c6b00092ff60aafa52f9f2c62a2989f206040c674e06a2a9acda2784de3af997a9909fc6200

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

  • rsa_pubkey.plain

  • serpent.plain
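The extracted config above is only useful once it is turned into something a SOC can match on. The following is an added example (not part of the sandbox report and not the tooling of any analysis platform) that parses the gozi_rm3 attributes as printed above, rebuilds the full C2 URL from C2 + url_path, emits Suricata rules for the C2 host, flags proxy-log requests for the dga_base_url dictionary fetch, and checks a byte blob against the sample hashes. The key=value blob and the rule SIDs are constructed for illustration; all values inside them are copied from the report.

```python
"""Hunting artifacts from the extracted gozi_rm3 config (added example)."""
import hashlib
from urllib.parse import urlsplit, urlunsplit

# Config as shown in the report, re-typed as key=value lines (constructed).
REPORT_CONFIG = """\
family=gozi_rm3
botnet=202004141
c2=https://devicelease.xyz
build=300854
dga_base_url=constitution.org/usdeclar.txt
dga_crc=0x4eb7d2ca
dga_season=10
dga_tlds=com,ru,org
exe_type=loader
server_id=12
url_path=index.htm
"""

# Hashes of the sample as listed in the report.
SAMPLE_HASHES = {
    "md5": "d2c2434c6b9bbf83f922d31d3a3e8308",
    "sha1": "56dfe39a47ff46eda0aa0d691bfff4e4177b209b",
    "sha256": "d3787d8d0b8e4e6db017b9420c749273f611e378887caba77a50620f2039f5bd",
}


def parse_config(text):
    """Parse key=value lines into typed fields (ints, hex, TLD list)."""
    cfg = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "dga_tlds":
            value = [t.strip() for t in value.split(",") if t.strip()]
        elif key == "dga_crc":
            value = int(value, 16)
        elif key in ("build", "dga_season", "server_id"):
            value = int(value)
        cfg[key] = value
    return cfg


def c2_url(cfg):
    """Join the C2 origin with url_path; the report lists them separately."""
    parts = urlsplit(cfg["c2"])
    path = "/" + cfg["url_path"].lstrip("/")
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def suricata_rules(cfg, base_sid=9000001):
    """DNS and TLS-SNI rules for the C2 host.

    The C2 is https://, so an HTTP rule on url_path would never fire;
    match the hostname in DNS queries and in the TLS SNI instead.
    base_sid is an assumed local SID range.
    """
    host = urlsplit(cfg["c2"]).netloc
    tag = f"{cfg['family']} botnet {cfg['botnet']} build {cfg['build']}"
    return [
        f'alert dns any any -> any any (msg:"{tag} C2 DNS lookup"; '
        f'dns.query; content:"{host}"; nocase; sid:{base_sid}; rev:1;)',
        f'alert tls any any -> any any (msg:"{tag} C2 TLS SNI"; '
        f'tls.sni; content:"{host}"; nocase; sid:{base_sid + 1}; rev:1;)',
    ]


def matches_dga_fetch(url, cfg):
    """True if a proxy-log URL is the dictionary fetch named in dga_base_url."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return parts.netloc.lower() + parts.path == cfg["dga_base_url"]


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte blob, lower-case hex like the report."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_sample(data):
    """True only if every listed hash of the blob equals the report's value."""
    return hashes_of(data) == SAMPLE_HASHES


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print("C2 URL:", c2_url(cfg))
    for rule in suricata_rules(cfg):
        print(rule)
    print("DGA dictionary fetch:", "http://" + cfg["dga_base_url"])
```

Note that the DGA parameters (dga_crc, dga_season, dga_tlds) are printed for reference only; the example does not reproduce the family's domain generation, and the dictionary fetch URL plus the three TLDs are the parts of that config that can be hunted directly in proxy and DNS logs.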

Targets

    • Target

      d3787d8d0b8e4e6db017b9420c749273f611e378887caba77a50620f2039f5bd

    • Size

      908KB

    • MD5

      d2c2434c6b9bbf83f922d31d3a3e8308

    • SHA1

      56dfe39a47ff46eda0aa0d691bfff4e4177b209b

    • SHA256

      d3787d8d0b8e4e6db017b9420c749273f611e378887caba77a50620f2039f5bd

    • SHA512

      948089e820f0075d0859a400cb3fed16f209b9a51652f8fdb5905c6b00092ff60aafa52f9f2c62a2989f206040c674e06a2a9acda2784de3af997a9909fc6200

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

Modify Registry (T1112) x1

Tasks