b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

General
Target

b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

Size

908KB

Sample

220520-z68v6adeg2

Score
10 /10
MD5

3c1429579cb97febfe58dc0f8cd6fbe9

SHA1

79885de392a4b5776522b28ef7b9ed5dd9d5319c

SHA256

b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

SHA512

a4bf3829c8fd4b983846d52c3fc10608ff631abb0b355a738f9c5128697c0464e06c5b10f75215eab643f98e09b220da21adf4a74fdc807ff1ed5da0f2e58484

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

MD5

3c1429579cb97febfe58dc0f8cd6fbe9

Filesize

908KB

Score
10/10
SHA1

79885de392a4b5776522b28ef7b9ed5dd9d5319c

SHA256

b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

SHA512

a4bf3829c8fd4b983846d52c3fc10608ff631abb0b355a738f9c5128697c0464e06c5b10f75215eab643f98e09b220da21adf4a74fdc807ff1ed5da0f2e58484

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10