bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

General
Target

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

Size

908KB

Sample

220521-atvqbsdgcr

Score
10 /10
MD5

6c3616245a1f713038857de1c4a0f8b4

SHA1

b004c92fcb9412762cfaf8b0e25cd0bf4f39ee13

SHA256

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

SHA512

db56e3813fc2a04b88469df24f03b9ed0ca69df9ce701d38ed849a9cd9c304fb69212a1591de8d9684fccfb19ca5923fd4ad6efb5c3cb2c12cc693770724e859

Malware Config

Extracted

Family gozi_rm3
Attributes
build
300854

Extracted

Family gozi_rm3
Botnet 202004141
C2

https://devicelease.xyz

Attributes
build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm
rsa_pubkey.plain
serpent.plain
Targets
Target

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

MD5

6c3616245a1f713038857de1c4a0f8b4

Filesize

908KB

Score
10/10
SHA1

b004c92fcb9412762cfaf8b0e25cd0bf4f39ee13

SHA256

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

SHA512

db56e3813fc2a04b88469df24f03b9ed0ca69df9ce701d38ed849a9cd9c304fb69212a1591de8d9684fccfb19ca5923fd4ad6efb5c3cb2c12cc693770724e859

Tags

Signatures

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        9/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10