General

  • Target: c9730e5259689619b6cfc3cf98b336a8c7c494c302e4a81d6e9029c084aae123
  • Size: 618KB
  • Sample: 220524-2t28ysefhr
  • MD5: 0caec1155955e0d8cd66de242e9d27a5
  • SHA1: 077c99f98a6469adfaf2c47a7e4828dcbc6bb1b4
  • SHA256: c9730e5259689619b6cfc3cf98b336a8c7c494c302e4a81d6e9029c084aae123
  • SHA512: 9ab72e0d817a32e941f66b27c6ff3c4d2ebba6c02fc09e36f47a14a69638c7e74564b0b56b18d7a57eabcabe7699be8c0f9af8444d1315dbcfdc9865625cdcf2

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build: 300900

Extracted

Family

gozi_rm3

Botnet

90020242

C2

https://vrhgroups.xyz

Attributes
  • build: 300900
  • dga_base_url: constitution.org/usdeclar.txt
  • dga_crc: 0x4eb7d2ca
  • dga_season: 10
  • dga_tlds: com, ru, org
  • exe_type: loader
  • server_id: 12
  • url_path: index.htm

rsa_pubkey.plain
serpent.plain

MITRE ATT&CK Enterprise v6

Tasks