General

  • Target

    2016fa8ef23fb85134d1991cd2da8303511339596a5db1836f43c4960037b8b3

  • Size

    1.7MB

  • Sample

    220612-qzlydadgaq

  • MD5

    19e6df7445085f00c55d8bfa7242a2d1

  • SHA1

    c4bf1a1242bfdeaa4d166203f85d1df83cf78184

  • SHA256

    2016fa8ef23fb85134d1991cd2da8303511339596a5db1836f43c4960037b8b3

  • SHA512

    a179b41af3fe2e8300d4784eb7d83d200ab23d2a90cde425d5d6aa523eb754e5392a5af6ef4206c61bec6da42f5149377ff69f869f4a7aab413d80d2d1236815

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214082

Extracted

Family

gozi_ifsb

Botnet

3379

C2

microsoft.com

update.microsoft.com

avast.com

sdorthyyantonietta.top

cutaylorpascale.top

jpearl26kacey.top

Attributes
  • build

    214082

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

