General

  • Target

    1ff4444acacfa7bca5312acc019e46606d6ec4f5b954f5f99e174522c3a1e01e

  • Size

    269KB

  • Sample

    220612-rfmagaeebm

  • MD5

    aacaf931b73a54807e926ee60cf66c80

  • SHA1

    9802df2ee8534fbf3cf28e1d46c131be1bace151

  • SHA256

    1ff4444acacfa7bca5312acc019e46606d6ec4f5b954f5f99e174522c3a1e01e

  • SHA512

    8c4f613399d4e204e1aa1424959b6aff97a7b673b5b8ddb3ef987860a32084a3255b9e6337dcf99323e45c72941cd8ab9ecb21f9071d41fa069e008452ef6b57

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
