General

  • Target

    ef137b4fb6819a4aba3866003c871692d569eeb65523d0e2565df8949ef09961

  • Size

    376KB

  • Sample

    220701-hjsf8aabc3

  • MD5

    92e4d53a04824638f683e8eaca91403a

  • SHA1

    f1a9e6f7a3912617c6b4119097a7bd14d3cc589c

  • SHA256

    ef137b4fb6819a4aba3866003c871692d569eeb65523d0e2565df8949ef09961

  • SHA512

    bea833371ed49f76169defb75bcb2653553fffeaf0d5cffff02ac3716c03f27b99b8caf358a500f678a618cdbb4892a78ecc195aed6b79b93dab94327620ae09

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214062

Extracted

Family

gozi_ifsb

Botnet

3193

C2

fy76qn.email

dst1894.com

w40shailie.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      ef137b4fb6819a4aba3866003c871692d569eeb65523d0e2565df8949ef09961

    • Size

      376KB

    • MD5

      92e4d53a04824638f683e8eaca91403a

    • SHA1

      f1a9e6f7a3912617c6b4119097a7bd14d3cc589c

    • SHA256

      ef137b4fb6819a4aba3866003c871692d569eeb65523d0e2565df8949ef09961

    • SHA512

      bea833371ed49f76169defb75bcb2653553fffeaf0d5cffff02ac3716c03f27b99b8caf358a500f678a618cdbb4892a78ecc195aed6b79b93dab94327620ae09

MITRE ATT&CK Matrix

Tasks