General

  • Target: bc2c2a4b1ffb52f227181d825d960ecceda3b085271cda93db1c15ca709c6d61
  • Size: 619KB
  • Sample: 220525-b2w4ssaebn
  • MD5: 565809de29b3f8d16a5b28fa88306dd4
  • SHA1: 3c06ddb7bc8b566a3eb61f8479680e874ee0fe51
  • SHA256: bc2c2a4b1ffb52f227181d825d960ecceda3b085271cda93db1c15ca709c6d61
  • SHA512: df87f63f6784188304436f3e0b5f019f6fe8d95cc152d09e66f6b82a911922b89bcc7c0e68dcc86b72b12ae35447d6d8561c263f9b00a29f9d698128401cb383

Malware Config

Extracted

  • Family: gozi_rm3
  • Attributes
    • build: 300900

Extracted

  • Family: gozi_rm3
  • Botnet: 90020242
  • C2: https://vrhgroups.xyz
  • Attributes
    • build: 300900
    • dga_base_url: constitution.org/usdeclar.txt
    • dga_crc: 0x4eb7d2ca
    • dga_season: 10
    • dga_tlds: com, ru, org
    • exe_type: loader
    • server_id: 12
    • url_path: index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target: bc2c2a4b1ffb52f227181d825d960ecceda3b085271cda93db1c15ca709c6d61
    • Size: 619KB
    • MD5: 565809de29b3f8d16a5b28fa88306dd4
    • SHA1: 3c06ddb7bc8b566a3eb61f8479680e874ee0fe51
    • SHA256: bc2c2a4b1ffb52f227181d825d960ecceda3b085271cda93db1c15ca709c6d61
    • SHA512: df87f63f6784188304436f3e0b5f019f6fe8d95cc152d09e66f6b82a911922b89bcc7c0e68dcc86b72b12ae35447d6d8561c263f9b00a29f9d698128401cb383

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique         Count   ID
  Defense Evasion  Modify Registry   1       T1112

Tasks