General

  • Target

    9e5b322be0266d45d99f290d1d86c8a11aa805cd09d5ded9e25f89fc58849997

  • Size

    908KB

  • Sample

    220521-a4yjzaecek

  • MD5

    4f9dbd94ac6de4fe4d9c21c01809f18a

  • SHA1

    20354026c7e41a1424dba51312f0a3b7aeef587e

  • SHA256

    9e5b322be0266d45d99f290d1d86c8a11aa805cd09d5ded9e25f89fc58849997

  • SHA512

    21b8aa3171c312e6cf1aef1d87f9c6b56050cac5742c529cc21514432ddecf06b20ece47cf9fa4c56cab2963924bd176cc9bc7d0c18c3beb51986454121d5447

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      9e5b322be0266d45d99f290d1d86c8a11aa805cd09d5ded9e25f89fc58849997

    • Size

      908KB

    • MD5

      4f9dbd94ac6de4fe4d9c21c01809f18a

    • SHA1

      20354026c7e41a1424dba51312f0a3b7aeef587e

    • SHA256

      9e5b322be0266d45d99f290d1d86c8a11aa805cd09d5ded9e25f89fc58849997

    • SHA512

      21b8aa3171c312e6cf1aef1d87f9c6b56050cac5742c529cc21514432ddecf06b20ece47cf9fa4c56cab2963924bd176cc9bc7d0c18c3beb51986454121d5447

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks