General

  • Target

    2c5cd06eceb2f5f869b6761db2f875e8b8ccfb4895c34eeffe9bbd3d61c19f29

  • Size

    1.4MB

  • Sample

    220614-2zls6ahbcl

  • MD5

    c5f83b4812e9f25b985e8b2176be260e

  • SHA1

    cf8612f2fe46749cc08a72f6e7de8bc6993d8f58

  • SHA256

    2c5cd06eceb2f5f869b6761db2f875e8b8ccfb4895c34eeffe9bbd3d61c19f29

  • SHA512

    0a3c93c0a29953d38fffa4d16d8bc21dc21058989210d4d28193e30bdccc07545baf416eb4f75100d19d179322a88d6b233d441632cdd84a09513cf15601f8c9

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3157

C2

sokesornic.com

soystrisar.com

czarthyone.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      2c5cd06eceb2f5f869b6761db2f875e8b8ccfb4895c34eeffe9bbd3d61c19f29

    • Size

      1.4MB

    • MD5

      c5f83b4812e9f25b985e8b2176be260e

    • SHA1

      cf8612f2fe46749cc08a72f6e7de8bc6993d8f58

    • SHA256

      2c5cd06eceb2f5f869b6761db2f875e8b8ccfb4895c34eeffe9bbd3d61c19f29

    • SHA512

      0a3c93c0a29953d38fffa4d16d8bc21dc21058989210d4d28193e30bdccc07545baf416eb4f75100d19d179322a88d6b233d441632cdd84a09513cf15601f8c9

MITRE ATT&CK Matrix

Tasks