General

  • Target

    2d16670890bf44f0c84c960f44f932379f7910fd072bece241bcd15890ce2418

  • Size

    648KB

  • Sample

    220614-zdrfeacabk

  • MD5

    0e0d323872c6780b89d243f5b5aaf261

  • SHA1

    c838f27e7431e5475a655bc1f0e855533e035f0c

  • SHA256

    2d16670890bf44f0c84c960f44f932379f7910fd072bece241bcd15890ce2418

  • SHA512

    5c94f6d05539aa3c85d5fd51e49431149c83c786c25f1e7a1d9fe708cf7a8e8457c95b46b799eb4bdd6b0b18fd872e1a41b8c7577d75730802a4dcab28c28fe5

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214062

Extracted

Family

gozi_ifsb

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      2d16670890bf44f0c84c960f44f932379f7910fd072bece241bcd15890ce2418

    • Size

      648KB

    • MD5

      0e0d323872c6780b89d243f5b5aaf261

    • SHA1

      c838f27e7431e5475a655bc1f0e855533e035f0c

    • SHA256

      2d16670890bf44f0c84c960f44f932379f7910fd072bece241bcd15890ce2418

    • SHA512

      5c94f6d05539aa3c85d5fd51e49431149c83c786c25f1e7a1d9fe708cf7a8e8457c95b46b799eb4bdd6b0b18fd872e1a41b8c7577d75730802a4dcab28c28fe5

MITRE ATT&CK Matrix

Tasks