General

  • Target

    6d04940340b55566c19c90c3474a91c14be016e4e0e1e74d93df9f6afda377b5

  • Size

    908KB

  • Sample

    220524-1yxzcsdebl

  • MD5

    fd6970e93452ec24e74ab230c94ce8a3

  • SHA1

    41b940882348c11e9f2967d7c826c8f10fd180b3

  • SHA256

    6d04940340b55566c19c90c3474a91c14be016e4e0e1e74d93df9f6afda377b5

  • SHA512

    3ab9d0651a4d52dea95f79333afab0bb6e0c0d1495bdd889b3acda63297598db95cc5ab607b15c25d5927437d68225766c27cd1c9277e0e5cd7745dedbefa66a

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      6d04940340b55566c19c90c3474a91c14be016e4e0e1e74d93df9f6afda377b5

    • Size

      908KB

    • MD5

      fd6970e93452ec24e74ab230c94ce8a3

    • SHA1

      41b940882348c11e9f2967d7c826c8f10fd180b3

    • SHA256

      6d04940340b55566c19c90c3474a91c14be016e4e0e1e74d93df9f6afda377b5

    • SHA512

      3ab9d0651a4d52dea95f79333afab0bb6e0c0d1495bdd889b3acda63297598db95cc5ab607b15c25d5927437d68225766c27cd1c9277e0e5cd7745dedbefa66a

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks