General

  • Target

    30bb7b0a988a5d25a8a9da3f01634e49792acd8f97d05fb162971b3307654056

  • Size

    972KB

  • Sample

    220621-cvfznsbch3

  • MD5

    1a6c3538fdc7f47444941df8698b068e

  • SHA1

    f0a71eec25204c81e4f4fb7a91110a8fd3bedeab

  • SHA256

    30bb7b0a988a5d25a8a9da3f01634e49792acd8f97d05fb162971b3307654056

  • SHA512

    dd8268951b3de43fd32f85713d18a264e08c68c44ad31741f0067b8c8cfed4d981889151b1d34a407bbbc1f12c56db6d48e59ce12ebdc2209f078ecd167ce636

Malware Config

Extracted

Family

gozi_rm3

Attributes
  • build

    300768

Extracted

Family

gozi_rm3

Botnet

201909031

C2

https://ciaraburkett.xyz

Attributes
  • build

    300768

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

  • rsa_pubkey.plain

    extracted RSA public key

  • serpent.plain

    extracted Serpent key
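
The config above gives a practitioner three network indicators to hunt with: the hard-coded C2 host and url_path, the public text the DGA downloads as its word source (dga_base_url), and the TLD set the generated domains land on. The block below is an added example, not part of the sandbox report, that turns those fields into a small proxy-log classifier. The log lines and the log format (client, method, URL, user-agent) are constructed for the example; the DGA-candidate rule is a deliberately loose heuristic (two-label host, purely alphabetic label, configured TLD, configured path), not a reimplementation of the RM3 DGA.

```python
import re
from urllib.parse import urlsplit

# Values taken from the extracted gozi_rm3 config on this page.
C2_HOSTS = {"ciaraburkett.xyz"}
C2_URL_PATH = "index.htm"                       # url_path
DGA_BASE_URL = "constitution.org/usdeclar.txt"  # dga_base_url (word source)
DGA_TLDS = ("com", "ru", "org")                 # dga_tlds

# Constructed proxy log lines for the example (not from the sandbox run):
# <client> <method> <url> <user-agent>
SAMPLE_LOG = """\
10.0.0.5 GET http://constitution.org/usdeclar.txt Mozilla/4.0 (compatible; MSIE 8.0)
10.0.0.5 POST https://ciaraburkett.xyz/index.htm Mozilla/4.0 (compatible; MSIE 8.0)
10.0.0.7 GET https://www.example.com/ Mozilla/5.0 (Windows NT 10.0) Firefox/101.0
10.0.0.5 GET https://thereforethe.ru/index.htm Mozilla/4.0 (compatible; MSIE 8.0)
"""

LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ua>.*)$")


def classify(line):
    """Return a verdict for one log line, or None if nothing in the config matches.

    Verdicts, strongest first:
      c2_contact     - host is the configured C2
      dga_seed_fetch - bot pulling the DGA word source (a fetch of the public
                       text that the DGA uses as its dictionary)
      dga_candidate  - weak hunting signal: <word>.<configured tld>/<url_path>
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    host = (parts.hostname or "").lower()
    path = parts.path.lstrip("/")

    if host in C2_HOSTS:
        return "c2_contact"
    if host + "/" + path == DGA_BASE_URL:
        return "dga_seed_fetch"
    labels = host.split(".")
    if (len(labels) == 2 and labels[1] in DGA_TLDS
            and labels[0].isalpha() and path == C2_URL_PATH):
        return "dga_candidate"
    return None


def scan(log_text):
    """Run classify() over every line; return (client, host, verdict) for each hit."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict is None:
            continue
        m = LOG_RE.match(line.strip())
        hits.append((m.group("client"), urlsplit(m.group("url")).hostname, verdict))
    return hits


if __name__ == "__main__":
    for client, host, verdict in scan(SAMPLE_LOG):
        print(f"{client:<10} {host:<24} {verdict}")
```

The dga_seed_fetch rule is the most useful of the three in practice: the C2 hostname rotates between builds, but a non-browser process fetching constitution.org/usdeclar.txt is a stable artefact of this DGA family and is worth a standing hunt query. Treat dga_candidate hits as a pivot for further investigation rather than a verdict; ordinary sites with dictionary-word names on .com will trip it.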

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1
