General

  • Target

    2d32f0bf0f4145ef247014ed89e6a7478d7f110572b8796604613ac2262fd304

  • Size

    197KB

  • Sample

    220614-yy42kafcf6

  • MD5

    b5a6e2ee7212a097043a9a903cc39769

  • SHA1

    29900a7fa027ced3797deca05097a033ea3d0d94

  • SHA256

    2d32f0bf0f4145ef247014ed89e6a7478d7f110572b8796604613ac2262fd304

  • SHA512

    699406fca85053914014eee75d778b53f9cc38c712358bc36c90aad6d1ab630190cc26ec5193fbb7e0c7b94254454af7b478d85e7b0632a0b6c1210324025655

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
