General

  • Target: daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
  • Size: 706KB
  • Sample: 220625-cjs5vscdb9
  • MD5: 6f673fee4ef29bef18746371874e3561
  • SHA1: 8d99611473eba72c1469eeaf358f7d476e0f07f2
  • SHA256: daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
  • SHA512: d7bd661517212e588a3b34702720a4d65ce1714f7b46ea9cf79dfb2904b99ba3afad5cb196be8202fbfbb983d482b8b1bced3d49e2364fdde0af2c287d3b57ad

Malware Config

Extracted

  • Family: gozi_rm3
  • Attributes
    • build: 300854

Extracted

  • Family: gozi_rm3
  • Botnet: 202004091
  • C2: https://guiapocos.xyz
  • Attributes
    • build: 300854
    • dga_base_url: constitution.org/usdeclar.txt
    • dga_crc: 0x4eb7d2ca
    • dga_season: 10
    • dga_tlds: com, ru, org
    • exe_type: loader
    • server_id: 12
    • url_path: index.htm
  • rsa_pubkey.plain
  • serpent.plain

Targets

  • Target: daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
  • Size: 706KB
  • MD5: 6f673fee4ef29bef18746371874e3561
  • SHA1: 8d99611473eba72c1469eeaf358f7d476e0f07f2
  • SHA256: daabe475ca939c58c9bd1227d06b715eed27296197c8f54f10619f0b505154ee
  • SHA512: d7bd661517212e588a3b34702720a4d65ce1714f7b46ea9cf79dfb2904b99ba3afad5cb196be8202fbfbb983d482b8b1bced3d49e2364fdde0af2c287d3b57ad

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion (1)
    • T1112 Modify Registry

Tasks