General

  • Target

    1fc694f0415d1411b92c6800e66818b66cf1b86d1b73dbb6687530b84b93aa50

  • Size

    269KB

  • Sample

    220612-valzasgbbl

  • MD5

    2e8feed4b0937886fc14d9ab73e33cee

  • SHA1

    03cf74106fcecc54c224352dc4343b1aea514a0d

  • SHA256

    1fc694f0415d1411b92c6800e66818b66cf1b86d1b73dbb6687530b84b93aa50

  • SHA512

    f517fc4e8084c3aa5f8cc7b19340e3c7c0dec16377d6ca46edc4d1eefa6df401b272b0facc06edb06538a8751c5aeac947a96e6bdeed6280d2e551344e978b29

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      1fc694f0415d1411b92c6800e66818b66cf1b86d1b73dbb6687530b84b93aa50

    • Size

      269KB

    • MD5

      2e8feed4b0937886fc14d9ab73e33cee

    • SHA1

      03cf74106fcecc54c224352dc4343b1aea514a0d

    • SHA256

      1fc694f0415d1411b92c6800e66818b66cf1b86d1b73dbb6687530b84b93aa50

    • SHA512

      f517fc4e8084c3aa5f8cc7b19340e3c7c0dec16377d6ca46edc4d1eefa6df401b272b0facc06edb06538a8751c5aeac947a96e6bdeed6280d2e551344e978b29

MITRE ATT&CK Matrix

Tasks