3ee9471ac58b08b6bf94434c852c9beb714fc9528671e9f0e844c51199a32384

General

Target: 3ee9471ac58b08b6bf94434c852c9beb714fc9528671e9f0e844c51199a32384
Size: 908KB
Sample: 220521-amh3ysaea5
Score: 10/10
MD5: c4afbd6e19c17dbbc1c73898c3595562
SHA1: 2fcb0502909895b07017a03f50a57b6530e9a294
SHA256: 3ee9471ac58b08b6bf94434c852c9beb714fc9528671e9f0e844c51199a32384
SHA512: 30bab75ef8a03a41ec8f5820a54d14fef323fa0bf1a2368e08af8765826531cbe5fc7b8aee7063de930214e4157b483ae0ae0762565482481e24f75a572a695b

Malware Config

Extracted

Family: gozi_rm3
Attributes:
  build: 300854

Extracted

Family: gozi_rm3
Botnet: 202004141
C2: https://devicelease.xyz
Attributes:
  build: 300854
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  exe_type: loader
  server_id: 12
  url_path: index.htm
  rsa_pubkey.plain
  serpent.plain

Tasks

static1: 9/10
behavioral1: 10/10
behavioral2: 10/10