General

  • Target

    2ce34161764137dd54c15cfb748ee700322c7c68a4e757623c17ba3a0799bac9

  • Size

    1.7MB

  • Sample

    220614-z55gcahee8

  • MD5

    681675b4c3b35644e1c6194059c6a0d7

  • SHA1

    5b6d0590e317e3141b10404bc2cfc2be984c7b5c

  • SHA256

    2ce34161764137dd54c15cfb748ee700322c7c68a4e757623c17ba3a0799bac9

  • SHA512

    c48c4f9acf463f13e31501da4b35e2303a3aaa1fc28fad061abf503d181ab72dc465ab0cb8d5fbf94ffa5244180c27b9fa0d51eee6e749a4b46f8b1efea9b46d

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Attributes

    • build

      215165

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3155

  • C2

    roevinguef.com

    sfernacrif.com

    abregeousn.com

  • Attributes

    • build

      215165

    • dga_base_url

      constitution.org/usdeclar.txt

    • dga_crc

      0x4eb7d2ca

    • dga_season

      10

    • dga_tlds

      com

      ru

      org

    • exe_type

      loader

    • server_id

      12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Target

      2ce34161764137dd54c15cfb748ee700322c7c68a4e757623c17ba3a0799bac9

    • Size

      1.7MB

    • MD5

      681675b4c3b35644e1c6194059c6a0d7

    • SHA1

      5b6d0590e317e3141b10404bc2cfc2be984c7b5c

    • SHA256

      2ce34161764137dd54c15cfb748ee700322c7c68a4e757623c17ba3a0799bac9

    • SHA512

      c48c4f9acf463f13e31501da4b35e2303a3aaa1fc28fad061abf503d181ab72dc465ab0cb8d5fbf94ffa5244180c27b9fa0d51eee6e749a4b46f8b1efea9b46d

MITRE ATT&CK Matrix

Tasks