General

  • Target

    203df603ddf2a54e3274ecdb1b531bfac6f2c6f30212890f29e8790acd0a6172

  • Size

    376KB

  • Sample

    220612-qe488acgfk

  • MD5

    e7320485b38bd5818a4b4da4bc257837

  • SHA1

    a162908dd79cf3b8f0579f7d7401d591e95d4fb9

  • SHA256

    203df603ddf2a54e3274ecdb1b531bfac6f2c6f30212890f29e8790acd0a6172

  • SHA512

    44769d8470317b6b13e275244dbe0666e4480bb3655b73b09803e20c9d71e7e8ac40de66685adec3752a70e703adb331e6fb5623ec61e21e26f7a7ec5c29a7f2

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214062

Extracted

Family

gozi_ifsb

Botnet

3193

C2

fy76qn.email

dst1894.com

w40shailie.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      203df603ddf2a54e3274ecdb1b531bfac6f2c6f30212890f29e8790acd0a6172

    • Size

      376KB

    • MD5

      e7320485b38bd5818a4b4da4bc257837

    • SHA1

      a162908dd79cf3b8f0579f7d7401d591e95d4fb9

    • SHA256

      203df603ddf2a54e3274ecdb1b531bfac6f2c6f30212890f29e8790acd0a6172

    • SHA512

      44769d8470317b6b13e275244dbe0666e4480bb3655b73b09803e20c9d71e7e8ac40de66685adec3752a70e703adb331e6fb5623ec61e21e26f7a7ec5c29a7f2

MITRE ATT&CK Matrix

Tasks