aa35cfbc8854b02c67f80afafbfade075b8b2dfed94a26dcb29ed842b859b4e1

General
Target

aa35cfbc8854b02c67f80afafbfade075b8b2dfed94a26dcb29ed842b859b4e1

Size

908KB

Sample

220521-app92saeh6

Score
10 /10
MD5

8989c1ad7e71ceaf21d6d02463719bfc

SHA1

65c628533a6b45cdf0335cc2031f428540e13976

SHA256

aa35cfbc8854b02c67f80afafbfade075b8b2dfed94a26dcb29ed842b859b4e1

SHA512

b390e0641ad974af861fdaa25bb5626ef1c6a708f25869154a4493fa56fadd20f8ca55c4a0cb328c4a9aea7a8e6819c226230e43e80bdf27ab5cb548fc6b0036

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

aa35cfbc8854b02c67f80afafbfade075b8b2dfed94a26dcb29ed842b859b4e1

MD5

8989c1ad7e71ceaf21d6d02463719bfc

Filesize

908KB

Score
10/10
SHA1

65c628533a6b45cdf0335cc2031f428540e13976

SHA256

aa35cfbc8854b02c67f80afafbfade075b8b2dfed94a26dcb29ed842b859b4e1

SHA512

b390e0641ad974af861fdaa25bb5626ef1c6a708f25869154a4493fa56fadd20f8ca55c4a0cb328c4a9aea7a8e6819c226230e43e80bdf27ab5cb548fc6b0036

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10