1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

General
Target

1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

Size

908KB

Sample

220521-aqdyeaafb8

Score
10 /10
MD5

67ae2764af5f5902c95360d421420740

SHA1

c65ab45f5c735c0510ef4f9ed4c0d13bfbee4011

SHA256

1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

SHA512

8853572536d6002f8b0c5cce214f1f209262c38c8311e6f089ee26d49fbaded974a7582de76b957689621801e086ca23f69c97d75c5fd17d790c415b0e361896

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

MD5

67ae2764af5f5902c95360d421420740

Filesize

908KB

Score
10/10
SHA1

c65ab45f5c735c0510ef4f9ed4c0d13bfbee4011

SHA256

1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

SHA512

8853572536d6002f8b0c5cce214f1f209262c38c8311e6f089ee26d49fbaded974a7582de76b957689621801e086ca23f69c97d75c5fd17d790c415b0e361896

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10