General

  • Target

    29e1d5c9a97e5cf0d16873e5e7ec469bf62071ae819226c8553aecd793d68b7d

  • Size

    269KB

  • Sample

    220615-p4qaxsabg9

  • MD5

    4523c4fb510b9dbd5d77ecedc4a6d459

  • SHA1

    077f15f034d22814abcaf7d5119a25462b1f4229

  • SHA256

    29e1d5c9a97e5cf0d16873e5e7ec469bf62071ae819226c8553aecd793d68b7d

  • SHA512

    84cb2a5f21157e1ceefcf3d4449e5962000eb7f277b075e86f2b695b1c033997436da90708430add4ce8dfea7d513453c8667d88a2c21438c8e80128f8d4d66b

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      29e1d5c9a97e5cf0d16873e5e7ec469bf62071ae819226c8553aecd793d68b7d

    • Size

      269KB

    • MD5

      4523c4fb510b9dbd5d77ecedc4a6d459

    • SHA1

      077f15f034d22814abcaf7d5119a25462b1f4229

    • SHA256

      29e1d5c9a97e5cf0d16873e5e7ec469bf62071ae819226c8553aecd793d68b7d

    • SHA512

      84cb2a5f21157e1ceefcf3d4449e5962000eb7f277b075e86f2b695b1c033997436da90708430add4ce8dfea7d513453c8667d88a2c21438c8e80128f8d4d66b

MITRE ATT&CK Matrix

Tasks