General

  • Target

    06fd8321d2d46bbe0095de350b40eac6a433f62461c08bc4c93650fc1a8a24b7

  • Size

    908KB

  • Sample

    220524-1wfmashdf4

  • MD5

    29b1cd1225c6eb9d56eca91c2f429bc9

  • SHA1

    701e488c5250c4408cca25000a1bbd1087776402

  • SHA256

    06fd8321d2d46bbe0095de350b40eac6a433f62461c08bc4c93650fc1a8a24b7

  • SHA512

    bfc20e4c0e64761c1a7cf6c5b5ddc33d6087d327ec6cae8a7583238e1369e12dde0081db61ee2be9c935de99031d9dc67cbb386db0cfcb0e671db1a020e1495c

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      06fd8321d2d46bbe0095de350b40eac6a433f62461c08bc4c93650fc1a8a24b7

    • Size

      908KB

    • MD5

      29b1cd1225c6eb9d56eca91c2f429bc9

    • SHA1

      701e488c5250c4408cca25000a1bbd1087776402

    • SHA256

      06fd8321d2d46bbe0095de350b40eac6a433f62461c08bc4c93650fc1a8a24b7

    • SHA512

      bfc20e4c0e64761c1a7cf6c5b5ddc33d6087d327ec6cae8a7583238e1369e12dde0081db61ee2be9c935de99031d9dc67cbb386db0cfcb0e671db1a020e1495c

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks