General

  • Target

    20a9cc6ef82e76b88bdf6887beb09ae4276d562f5d071ec231f9e5a4bf3daf6b

  • Size

    351KB

  • Sample

    220612-nyp8asachj

  • MD5

    c0543cd761c93da8b816631bb0fbe9d8

  • SHA1

    fb28f5234ed80dc8791045e5d4d420bd2e593e58

  • SHA256

    20a9cc6ef82e76b88bdf6887beb09ae4276d562f5d071ec231f9e5a4bf3daf6b

  • SHA512

    4c843b32dd468a1023cf7c494322889b57ea5f2f2e856245b2423674c7d293851df56a66cc2abd720e85252c8b5f4581774e9c2258adb88d7fbd397021185f95

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Attributes

    • build

      214085

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3455

  • C2

    google.com
    gmail.com
    shvaiwq.com
    xupqcornelliy.com
    swiu45hildegard.top

  • Attributes

    • build

      214085

    • dga_base_url

      constitution.org/usdeclar.txt

    • dga_crc

      0x4eb7d2ca

    • dga_season

      10

    • dga_tlds

      com
      ru
      org

    • exe_type

      loader

    • server_id

      12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Target

      20a9cc6ef82e76b88bdf6887beb09ae4276d562f5d071ec231f9e5a4bf3daf6b

    • Size

      351KB

    • MD5

      c0543cd761c93da8b816631bb0fbe9d8

    • SHA1

      fb28f5234ed80dc8791045e5d4d420bd2e593e58

    • SHA256

      20a9cc6ef82e76b88bdf6887beb09ae4276d562f5d071ec231f9e5a4bf3daf6b

    • SHA512

      4c843b32dd468a1023cf7c494322889b57ea5f2f2e856245b2423674c7d293851df56a66cc2abd720e85252c8b5f4581774e9c2258adb88d7fbd397021185f95
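Added example (editor's code, not part of the sandbox report and not the Gozi/ISFB DGA itself): a small Python script that turns the hashes above and the second extracted gozi_ifsb config into checks a responder can run. It verifies that a file on disk is really this sample before its config is trusted, drops the well-known domains that ISFB configs carry as connectivity checks so they are not treated as indicators, and runs the remaining C2 domains plus the dga_base_url host over DNS log lines. The log line format, the DECOY_DOMAINS set and the function names are assumptions; the sample log lines are constructed.

```python
"""
Added example: operationalise the report's hashes and extracted gozi_ifsb
config. Editor-written code, not part of the sandbox report and not the
Gozi/ISFB DGA. Assumed (not from the page): the DNS log line format, the
DECOY_DOMAINS set, and the function names below.
"""
import hashlib
import re

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "c0543cd761c93da8b816631bb0fbe9d8",
    "sha1": "fb28f5234ed80dc8791045e5d4d420bd2e593e58",
    "sha256": "20a9cc6ef82e76b88bdf6887beb09ae4276d562f5d071ec231f9e5a4bf3daf6b",
}

# Second extracted config, copied from the report's Malware Config section.
CONFIG = {
    "family": "gozi_ifsb",
    "build": 214085,
    "botnet": 3455,
    "c2": [
        "google.com",
        "gmail.com",
        "shvaiwq.com",
        "xupqcornelliy.com",
        "swiu45hildegard.top",
    ],
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_tlds": ["com", "ru", "org"],
}

# ISFB configs commonly list well-known domains that the bot only uses as
# connectivity checks; alerting on them is pure noise, so they are filtered
# out. Assumption: this set is an editor's choice, curate it for your estate.
DECOY_DOMAINS = {"google.com", "gmail.com"}


def actionable_c2(config):
    """C2 domains worth alerting on, in the report's order, decoys removed."""
    return [d for d in config["c2"] if d.lower() not in DECOY_DOMAINS]


def verify_sample(data, expected=SAMPLE_HASHES):
    """Map each algorithm in `expected` to whether `data` hashes to it.

    Run this before trusting the config against a file you pulled yourself:
    a re-packed or truncated copy will not match and carries its own config.
    """
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in expected.items()}


# Constructed log format: "<timestamp> <client-ip> query <qname>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<qname>\S+)$")


def _matches(qname, domain):
    """Exact match or any subdomain of `domain`."""
    return qname == domain or qname.endswith("." + domain)


def scan_dns_log(lines, config):
    """Return (ts, src, qname, reason) for each log line that hits an IOC.

    reason is "c2" for a listed non-decoy C2 domain, or "dga_seed_fetch" for
    the host serving dga_base_url. The latter is a weak signal on its own
    (constitution.org is a legitimate site), so use it only to corroborate a
    C2 hit from the same client.
    """
    c2 = actionable_c2(config)
    seed_host = config["dga_base_url"].split("/", 1)[0].lower()
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()
        if any(_matches(qname, d) for d in c2):
            hits.append((m["ts"], m["src"], qname, "c2"))
        elif _matches(qname, seed_host):
            hits.append((m["ts"], m["src"], qname, "dga_seed_fetch"))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2022-06-12T10:00:01Z 10.0.0.5 query google.com.",
    "2022-06-12T10:00:02Z 10.0.0.5 query shvaiwq.com.",
    "2022-06-12T10:00:03Z 10.0.0.7 query cdn.xupqcornelliy.com.",
    "2022-06-12T10:00:04Z 10.0.0.7 query constitution.org.",
    "2022-06-12T10:00:05Z 10.0.0.9 query example.org.",
]


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG, CONFIG):
        print(*hit)
    # Stand-in bytes here; read the real file from disk to check a download.
    print(verify_sample(b"not the sample"))
```

On the constructed log the google.com query produces no hit, the two listed C2 domains (one as a subdomain) are reported as c2, and the constitution.org lookup is flagged only as dga_seed_fetch, which should be treated as corroboration for the 10.0.0.7 C2 hit rather than as an indicator by itself.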
