General

  • Target

    b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

  • Size

    908KB

  • Sample

    220520-z68v6adeg2

  • MD5

    3c1429579cb97febfe58dc0f8cd6fbe9

  • SHA1

    79885de392a4b5776522b28ef7b9ed5dd9d5319c

  • SHA256

    b3be1dd63db308b92cc3704faa396da6b544f3ab4e212f62de3aab9326229be1

  • SHA512

    a4bf3829c8fd4b983846d52c3fc10608ff631abb0b355a738f9c5128697c0464e06c5b10f75215eab643f98e09b220da21adf4a74fdc807ff1ed5da0f2e58484

Malware Config

Extracted

  Family: gozi_rm3

  Attributes
    build: 300854

Extracted

  Family: gozi_rm3

  Botnet: 202004141

  C2: https://devicelease.xyz

  Attributes
    build: 300854
    dga_base_url: constitution.org/usdeclar.txt
    dga_crc: 0x4eb7d2ca
    dga_season: 10
    dga_tlds: com, ru, org
    exe_type: loader
    server_id: 12
    url_path: index.htm
    rsa_pubkey.plain
    serpent.plain

MITRE ATT&CK Matrix

  No techniques are mapped in this report. Tactic columns present: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.