General

  • Target

    c144f0300a8edf883d20efa99df9c4f2

  • Size

    222KB

  • Sample

    240311-wttzpacc79

  • MD5

    c144f0300a8edf883d20efa99df9c4f2

  • SHA1

    1e46028ab42f62146b77658452c67002bb29b658

  • SHA256

    d5b601aede54caf37aaa50ee368c76fc659a9f764feb4a9cf7f2eb880ae3f631

  • SHA512

    672ed2ad34fd76a5bafd8c13e83390d9bcd0f3b66499c6f2e255097dfb6f560819e7af7fa6c76a6b91a8e867d0b20a6971ae1dc78438abd4fce4c23093b5b717

  • SSDEEP

    6144:/HExb7VwvtKNbnvSxYNiyf+D3Lu3y5mH:cxb5wvtKRvSxY0G+D7u3f

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

4474

C2

lycos.com

mail.yahoo.com

193.56.255.251

193.56.255.250

193.56.255.249

numolerunosell.online

gumolerunosell.online

rumolerunosell.online

Attributes
  • base_path

    /images/

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    worker

  • extension

    .avi

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    Score
    1/10
