General

  • Target

    Lx6.exe

  • Size

    37KB

  • Sample

    221011-p2cbaaegem

  • MD5

    3b892bea0f8cbe0b61ee380743567d1d

  • SHA1

    90522132e3a97e966e5270a8e105cc33f0d6c4e5

  • SHA256

    6b722961edc010c5487de4ef7eee84b586ac3c3f06dbd1920935ea5f7bb90543

  • SHA512

    120c7f3d22858dd7cb02f67bf6ff38dd9ba1f32d6fdfe18c7f9dde76ab20b435f98f4e4e54b7967422755cb6dedf0c575d360a1339c3a4cff69f556647045e3b

  • SSDEEP

    768:Z41V8UHIm2wyBdcNtW2RTYBfx6w39rDE3Lkjx2K/ZK38ua:ZefIZwAdeD8B56w39HE384h38

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1900

C2

tel12.msn.com

194.76.225.60

185.212.47.133

Attributes
  • base_path

    /doorway/

  • build

    250240

  • exe_type

    loader

  • extension

    .drr

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      Lx6.exe

    • Size

      37KB

    • MD5

      3b892bea0f8cbe0b61ee380743567d1d

    • SHA1

      90522132e3a97e966e5270a8e105cc33f0d6c4e5

    • SHA256

      6b722961edc010c5487de4ef7eee84b586ac3c3f06dbd1920935ea5f7bb90543

    • SHA512

      120c7f3d22858dd7cb02f67bf6ff38dd9ba1f32d6fdfe18c7f9dde76ab20b435f98f4e4e54b7967422755cb6dedf0c575d360a1339c3a4cff69f556647045e3b

    • SSDEEP

      768:Z41V8UHIm2wyBdcNtW2RTYBfx6w39rDE3Lkjx2K/ZK38ua:ZefIZwAdeD8B56w39HE384h38

MITRE ATT&CK Matrix

Tasks