General

  • Target

    e8bd007130fe0466959efa321f20227e28aad4cf901558561c1da8d98d21e7ed

  • Size

    908KB

  • Sample

    220524-s8ddpsgdg6

  • MD5

    6c1889d45866d7570cb99a5a38e5e280

  • SHA1

    7cd7ee7204b948182f9cf3bd31ba84ab017661f3

  • SHA256

    e8bd007130fe0466959efa321f20227e28aad4cf901558561c1da8d98d21e7ed

  • SHA512

    42f4ea90e8892d7dc0664be3fe2cb29d3e864eef0fdda18536962ed951a3c5295b34787f9b5dd73c9e69123e5a7a75fa8ce1891d3cec030ff5618e3773a61abd

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      e8bd007130fe0466959efa321f20227e28aad4cf901558561c1da8d98d21e7ed

    • Size

      908KB

    • MD5

      6c1889d45866d7570cb99a5a38e5e280

    • SHA1

      7cd7ee7204b948182f9cf3bd31ba84ab017661f3

    • SHA256

      e8bd007130fe0466959efa321f20227e28aad4cf901558561c1da8d98d21e7ed

    • SHA512

      42f4ea90e8892d7dc0664be3fe2cb29d3e864eef0fdda18536962ed951a3c5295b34787f9b5dd73c9e69123e5a7a75fa8ce1891d3cec030ff5618e3773a61abd

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks