General

  • Target

    2c657ef4f5867b2c0ba120277108d7a753dbe6c259094c5c1c24ae47dddd761c

  • Size

    304KB

  • Sample

    220614-2v4heaghbm

  • MD5

    4600cc0a686b97163d2d11adddebb06f

  • SHA1

    d0dfa5d9b04fe616a3e9a7be5eb061d9eafd0ba9

  • SHA256

    2c657ef4f5867b2c0ba120277108d7a753dbe6c259094c5c1c24ae47dddd761c

  • SHA512

    6048cc2eb710e82f8809630a4351fc552b6d2f0b1aba506bb1fac27d4b1db70f9c7a339ba3acd8d0b0a5b6aa797a679efec5c8a30d2f81654c4e81f5de7d98ef

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214082

Extracted

Family

gozi_ifsb

Botnet

3363

C2

liiuab4.com

tidgoee51connor.top

c93dg24kellie.info

Attributes
  • build

    214082

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
