General

  • Target

    20d97e9dcea7a657dba81cb6213a021bf9fd58da0af2424d3ae9c5f3389be7b9

  • Size

    485KB

  • Sample

    220612-mhc3csdch3

  • MD5

    7757105d47952dfa5d21ea86deb0c110

  • SHA1

    a82643d68e4aa65b26347b4cfc7494d3a4c4982f

  • SHA256

    20d97e9dcea7a657dba81cb6213a021bf9fd58da0af2424d3ae9c5f3389be7b9

  • SHA512

    bed9f1d8fb9290f18bcb70dce9222149abbbc481608644483313cc971150c5a506dc4503db60b4e8a49b07f18dc30e8a35912e5afc270820d93db0cfbbec2437

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3140

C2

isatawatag.com

bosototsuy.com

atamekihok.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
