General

  • Target

    97d569ff94892401159e27e0a38d90e15e167a47fca575d29cfff5700d2bd875

  • Size

    372KB

  • Sample

    220625-gjt5dagdcp

  • MD5

    8a4e95e912a6c3d8f97159707801d8d6

  • SHA1

    b6b16710343be0495d460946305d81e70ae5f69d

  • SHA256

    97d569ff94892401159e27e0a38d90e15e167a47fca575d29cfff5700d2bd875

  • SHA512

    05d79fa08ef299f3978662bd0049176eee518d5ccddd7010a75662bc18f4a500f8c39dd23bbe3dc83354338effd53d1790cf2c6aa0e109059bfc2294726b3c2c

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214062

Extracted

Family

gozi_ifsb

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      97d569ff94892401159e27e0a38d90e15e167a47fca575d29cfff5700d2bd875

    • Size

      372KB

    • MD5

      8a4e95e912a6c3d8f97159707801d8d6

    • SHA1

      b6b16710343be0495d460946305d81e70ae5f69d

    • SHA256

      97d569ff94892401159e27e0a38d90e15e167a47fca575d29cfff5700d2bd875

    • SHA512

      05d79fa08ef299f3978662bd0049176eee518d5ccddd7010a75662bc18f4a500f8c39dd23bbe3dc83354338effd53d1790cf2c6aa0e109059bfc2294726b3c2c

MITRE ATT&CK Matrix

Tasks