Overview

overview

10

Static

static

9

e0c8833039...a2.exe

windows7_x64

10

e0c8833039...a2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2

  • Size

    908KB

  • Sample

    220524-t1qvhadcgm

  • MD5

    5b77d76a1b194c50deafdbea63218f82

  • SHA1

    6c73f0958f51d0f1be7153d5428a69dcad6e3438

  • SHA256

    e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2

  • SHA512

    0227fc7fc227197d83611c184f12ba7d79dd63ca1c552d48f7e4199d1d617db98823d371f4c726b0d4cf0f7818953927e95a892f0b602d495b1385f6d05d2119

Score
10/10
gozi_rm3202004141bankercryptonepackertrojan

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2

    • Size

      908KB

    • MD5

      5b77d76a1b194c50deafdbea63218f82

    • SHA1

      6c73f0958f51d0f1be7153d5428a69dcad6e3438

    • SHA256

      e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2

    • SHA512

      0227fc7fc227197d83611c184f12ba7d79dd63ca1c552d48f7e4199d1d617db98823d371f4c726b0d4cf0f7818953927e95a892f0b602d495b1385f6d05d2119

    Score
    10/10
    gozi_rm3202004141bankertrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks