General

  • Target

    994aa4b3b0033b12e6b923183959be7897aabee03b8b241b4ad5812e1c72e134

  • Size

    459KB

  • Sample

    220701-gpaypaehck

  • MD5

    7c503e502a77116edbc28cae59f22f06

  • SHA1

    8c4229bb28abe857d2a7cde9b25d6bce9a15ab3c

  • SHA256

    994aa4b3b0033b12e6b923183959be7897aabee03b8b241b4ad5812e1c72e134

  • SHA512

    12878a23d8d8d19bbe3555ff862e1b90376c6836c7a69c1feb221af0ba1e048dd8457437b25c3db831de15a9ae24e8b98f6949e6c989a3a95351b839712d1378

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214085

Extracted

Family

gozi_ifsb

Botnet

3428

C2

google.com

gmail.com

ztoy.top

qmiller.club

vipresleynz.com

Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      994aa4b3b0033b12e6b923183959be7897aabee03b8b241b4ad5812e1c72e134

    • Size

      459KB

    • MD5

      7c503e502a77116edbc28cae59f22f06

    • SHA1

      8c4229bb28abe857d2a7cde9b25d6bce9a15ab3c

    • SHA256

      994aa4b3b0033b12e6b923183959be7897aabee03b8b241b4ad5812e1c72e134

    • SHA512

      12878a23d8d8d19bbe3555ff862e1b90376c6836c7a69c1feb221af0ba1e048dd8457437b25c3db831de15a9ae24e8b98f6949e6c989a3a95351b839712d1378

MITRE ATT&CK Matrix

Tasks