General

  • Target

    2992c9c8f7ee4679a37ed9f4948ca898a43f945bc8c3d7f277ce4ce6cbd58119

  • Size

    424KB

  • Sample

    220615-q846bahfhm

  • MD5

    4013c6593cb98f469e12910cb7cc57d4

  • SHA1

    916f92127bb77672a1175811324fc9b44872b9d1

  • SHA256

    2992c9c8f7ee4679a37ed9f4948ca898a43f945bc8c3d7f277ce4ce6cbd58119

  • SHA512

    ba78f3f8a22c1a119ef36916410fea16f72c05593b3a9d2e18b53d33eb9df5fe114c093af9fba63b6a09adff3c2a2f1f8f068e0f0a775a1dc24a0cf2a899f304

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    217173

Extracted

Family

gozi_ifsb

Botnet

3306

C2

w56benedict.com

f5ekqcgwa.com

n7omje.com

Attributes
  • build

    217173

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

