6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

General
Target

6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

Size

908KB

Sample

220520-xbsvcafbhp

Score
10 /10
MD5

e448ad197a51b7d2efe4f53477ada67f

SHA1

45f7ece622159605955892c1c10597f46d026954

SHA256

6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

SHA512

94b3e081979141694e8843ac000257486291959e38cd0acf2086801fe5eee174d70a61b311004b33ad5f07add5eae0cd3743f42c009d5cd62ac405081004d78e

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

MD5

e448ad197a51b7d2efe4f53477ada67f

Filesize

908KB

Score
10/10
SHA1

45f7ece622159605955892c1c10597f46d026954

SHA256

6b11b8d34d9b5265cadd6a24300e4472672c3260f1927c7cf71f1e293affee35

SHA512

94b3e081979141694e8843ac000257486291959e38cd0acf2086801fe5eee174d70a61b311004b33ad5f07add5eae0cd3743f42c009d5cd62ac405081004d78e

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10