Resubmissions

11-12-2023 00:15

231211-ajzxashcg9 10

31-07-2020 08:01

200731-byjjr3wcee 1

General

  • Target

    584bfstrategiv.exe

  • Size

    250KB

  • Sample

    231211-ajzxashcg9

  • MD5

    e16d08218b8f082b9422db5fe2c68544

  • SHA1

    b9b4827e021df02df1054faf3db483a1078fcb80

  • SHA256

    3c2959c2b584303b92d1bdef931e0cf8d4c418bded5025ef21f35f476aac4a26

  • SHA512

    bacc063264ba1af29579454e976d2e650cd5a308ceb8708d9a9d3070ff6ab7af73a8b037961f0258d9224246d2891f0156ac378e2a904f6c7f26ffaa3158d33f

  • SSDEEP

    3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300913

Extracted

Family

gozi

Botnet

92020311

C2

https://appealingedge.xyz

Attributes
  • build

    300913

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • non_target_locale

    RU

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      584bfstrategiv.exe

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks