General

  • Target

    f201ce71d5930931036f0cb7d9bb16c6b2dc7e954275f51d03cdb9104bb2e253

  • Size

    1.8MB

  • Sample

    220701-g7lsxafghl

  • MD5

    f4cb1ece423d6c34c628d1049e2b7225

  • SHA1

    c44a5fd2373d2dde7c08ea0e8f38f4c7708953f5

  • SHA256

    f201ce71d5930931036f0cb7d9bb16c6b2dc7e954275f51d03cdb9104bb2e253

  • SHA512

    cc16fac4477dd6a0952989831d46c0a0ca564552e074c1f672833c9afb4b9568235b531f075f0ab22df20f8a0829505790307c7679c5ab2cc067c8ca5f5f9eb5

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214062

Extracted

Family

gozi_ifsb

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
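The extracted config above is the part of this report an analyst actually reuses: the C2 hostnames become DNS detections and the published hashes let you confirm that a file you hold is the same sample. The script below is an added example, not part of the sandbox report or of any Triage tooling. The `CONFIG` and `REPORT_HASHES` dictionaries are transcribed from the report; the Suricata rule layout (`dns.query` sticky buffer, `bsize` for an exact-length match) and the SID base `9000001` are assumptions chosen for illustration, and the DGA parameters are carried through as data only, since the report does not describe the generation algorithm.

```python
"""Turn the extracted gozi_ifsb config into detection content.

Added example: not code from the sandbox report. CONFIG and REPORT_HASHES
are transcribed from the report above; the Suricata rule shape and the SID
range are assumptions for illustration.
"""
import hashlib
import re

# Transcribed from the report's "Malware Config" section.
CONFIG = {
    "family": "gozi_ifsb",
    "build": 214062,
    "botnet": 3184,
    "c2": ["qfelicialew.city", "mzg4958lc.com", "gxuxwnszau.band"],
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_crc": 0x4EB7D2CA,
    "dga_season": 10,
    "dga_tlds": ["com", "ru", "org"],
    "exe_type": "loader",
    "server_id": 12,
}

# Hashes published in the report's "General" section.
REPORT_HASHES = {
    "md5": "f4cb1ece423d6c34c628d1049e2b7225",
    "sha1": "c44a5fd2373d2dde7c08ea0e8f38f4c7708953f5",
    "sha256": "f201ce71d5930931036f0cb7d9bb16c6b2dc7e954275f51d03cdb9104bb2e253",
}

# Conservative hostname syntax: letters, digits, hyphens, a real TLD.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def hash_bytes(data: bytes) -> dict:
    """Compute MD5/SHA1/SHA256 of a buffer in one pass, keyed like the report."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every hash the report publishes agrees with the bytes held."""
    got = hash_bytes(data)
    return all(got[algo] == digest.lower() for algo, digest in expected.items())


def valid_domains(domains) -> list:
    """Normalise and keep only syntactically valid hostnames (no URL paths, no junk)."""
    out = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if _DOMAIN_RE.match(d):
            out.append(d)
    return out


def suricata_dns_rules(cfg: dict, sid_start: int = 9000001) -> list:
    """One 'alert dns' rule per C2 host, exact-length match on the query name.

    bsize pins the buffer length so a look-alike parent or child domain does
    not trigger by accident. sid_start is an assumed, example-only SID base.
    """
    rules = []
    for i, dom in enumerate(valid_domains(cfg["c2"])):
        rules.append(
            'alert dns any any -> any any (msg:"{fam} build {build} botnet {bot} '
            'C2 DNS query {dom}"; dns.query; content:"{dom}"; nocase; bsize:{n}; '
            'classtype:trojan-activity; sid:{sid}; rev:1;)'.format(
                fam=cfg["family"], build=cfg["build"], bot=cfg["botnet"],
                dom=dom, n=len(dom), sid=sid_start + i,
            )
        )
    return rules


if __name__ == "__main__":
    # Constructed stand-in bytes: they must NOT match the report's hashes.
    print("stand-in matches report:", matches_report(b"not the real sample"))
    for rule in suricata_dns_rules(CONFIG):
        print(rule)
```

To use this against a real artefact, read the file in binary mode and pass its bytes to `matches_report`; a mismatch on any one algorithm is enough to reject it, which is deliberate because a report that publishes four digests is a stronger identity claim than an MD5 alone. The generated rules cover only the three hard-coded C2 hosts; the `dga_*` fields are kept in `CONFIG` so the analyst has them, but no DGA domains are predicted here.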

Targets

    • Target

      f201ce71d5930931036f0cb7d9bb16c6b2dc7e954275f51d03cdb9104bb2e253

    • Size

      1.8MB

    • MD5

      f4cb1ece423d6c34c628d1049e2b7225

    • SHA1

      c44a5fd2373d2dde7c08ea0e8f38f4c7708953f5

    • SHA256

      f201ce71d5930931036f0cb7d9bb16c6b2dc7e954275f51d03cdb9104bb2e253

    • SHA512

      cc16fac4477dd6a0952989831d46c0a0ca564552e074c1f672833c9afb4b9568235b531f075f0ab22df20f8a0829505790307c7679c5ab2cc067c8ca5f5f9eb5
