General

  • Target

    06925a0af22c81bd2f8ea0303f45b228f6d831f929f7c8a66a2927fe43463335

  • Size

    908KB

  • Sample

    220525-a2xvnadec4

  • MD5

    47254e03203c7d6f8f6d8915bf49ecf9

  • SHA1

    8a12369d39d42759cf3da737333b7863826f287f

  • SHA256

    06925a0af22c81bd2f8ea0303f45b228f6d831f929f7c8a66a2927fe43463335

  • SHA512

    2629f7a0eaf2075797608a9d8a2e3f67deef7fd241455b3c9b79ce53900a1cef101f7365691085b5a3bde08d82427925397cb0964b53d3e7997042b819576e06

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD3AfU4ayUEHchQ3H0W1/d3ziW
VNCFHWaAm8mJq6hQwn03GNGV7hOICH8h/+dZGEwYWVnRq128QMPZTIj0b+iqHKlM
sHzxEIZlWUVvnfbx6unDAC8aJXovmePrPvbHJ1FrplzlbILiPLvofh7pXzTdfcDQ
e3wfV7cbxJ3DXessqwIDAQAB
-----END PUBLIC KEY-----

serpent.plain
8JbpEEfNYPlYoAN4

