General

  • Target

    60e56ff40a3f53385faed68011dba9e70e63899a91e821527fed3ba8c79d3e4c

  • Size

    908KB

  • Sample

    221130-rdeslsaf6x

  • MD5

    cee291306818412f879ab3df22ad1126

  • SHA1

    33f53bc68ece6e129dee0f7f1eb1db43070ff2d0

  • SHA256

    60e56ff40a3f53385faed68011dba9e70e63899a91e821527fed3ba8c79d3e4c

  • SHA512

    a6428e9a8838ce4e5958a64c531dd29b47adc575eb4f3415eeed261f7da43c6f60badd1d5c1bafd6c4fe2add11a30a13cc03d2d8575db5e85b19ca49bfff9596

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      60e56ff40a3f53385faed68011dba9e70e63899a91e821527fed3ba8c79d3e4c

    • Size

      908KB

    • MD5

      cee291306818412f879ab3df22ad1126

    • SHA1

      33f53bc68ece6e129dee0f7f1eb1db43070ff2d0

    • SHA256

      60e56ff40a3f53385faed68011dba9e70e63899a91e821527fed3ba8c79d3e4c

    • SHA512

      a6428e9a8838ce4e5958a64c531dd29b47adc575eb4f3415eeed261f7da43c6f60badd1d5c1bafd6c4fe2add11a30a13cc03d2d8575db5e85b19ca49bfff9596

    • SSDEEP

      1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Tasks