General

  • Target

    2cfe8e32423270eafcae46dc743bacca010cc2bc8f37d854962f3e568be40efb

  • Size

    1.7MB

  • Sample

    220614-zp4j4scfdp

  • MD5

    99e91982787a99066e78e5c5d3a6d614

  • SHA1

    eb7fe7e270ace558b1f46492f272be63e9b925f3

  • SHA256

    2cfe8e32423270eafcae46dc743bacca010cc2bc8f37d854962f3e568be40efb

  • SHA512

    00978a927cf79a7663b59a6f94a3d9a628776cf5454ee88b915e0a1ad155696246d6c47fe0f9b400bbca7126c3fc6bdfb38d4e04f3125239d6d1be096073db27

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214085

Extracted

Family

gozi_ifsb

Botnet

3483

C2

google.com

gmail.com

qisqholden.com

caoamelieoohildegard.club

t11vincenzauuzw.com

Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      2cfe8e32423270eafcae46dc743bacca010cc2bc8f37d854962f3e568be40efb

    • Size

      1.7MB

    • MD5

      99e91982787a99066e78e5c5d3a6d614

    • SHA1

      eb7fe7e270ace558b1f46492f272be63e9b925f3

    • SHA256

      2cfe8e32423270eafcae46dc743bacca010cc2bc8f37d854962f3e568be40efb

    • SHA512

      00978a927cf79a7663b59a6f94a3d9a628776cf5454ee88b915e0a1ad155696246d6c47fe0f9b400bbca7126c3fc6bdfb38d4e04f3125239d6d1be096073db27

MITRE ATT&CK Matrix

Tasks