General

  • Target

    8aae2cd1f55e1fe0104959efb94321bdd90fd8e4664ce0a2b74de6ce6c502a8d

  • Size

    319KB

  • Sample

    220701-hljl4aabh7

  • MD5

    637192a9ea6f03e2d85dfa6bb3568c73

  • SHA1

    dd1a5a147884ad69aeb4b6705dd7a3259614a4ca

  • SHA256

    8aae2cd1f55e1fe0104959efb94321bdd90fd8e4664ce0a2b74de6ce6c502a8d

  • SHA512

    0eec8821f945a70d0ebcd3a11100842921344cfb0951d093b5603a72a2d555d49205d9392b84b0a1df5d5f4257231ca83bdc173276f764aeda405eb7ec0e1807

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    214085

Extracted

Family

gozi_ifsb

Botnet

3453

C2

google.com

gmail.com

gyvmogabriel.club

t161ramiro.club

rfztobydbgii.com

Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
