General

  • Target

    20dbb0f84e15ef2947f60a6dc95915e9a5a8b0fee70a4a5e508a72cc212cb0fa

  • Size

    197KB

  • Sample

    220612-mglccaghhm

  • MD5

    cd3a9c483c80e005fd56c30ae2d491c2

  • SHA1

    c82eba074f5d03d745cd833d0807eae6267ddf6e

  • SHA256

    20dbb0f84e15ef2947f60a6dc95915e9a5a8b0fee70a4a5e508a72cc212cb0fa

  • SHA512

    bad068b9e04df1fe812c8b8437e7e1e413c7df984536160fb1eb1541c249d5ff3e6828d540358c453ad4d718736be80553c2e1f6e4b5a2adc3872d8ffdbc28dc

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
