General

  • Target

    7ec1ca0f08e9142491ea6fba6bc3977cbbb2a363729938628dc5611fbf58ee87

  • Size

    60KB

  • MD5

    61adeaa0ef6b93aee38f8b074fb4d134

  • SHA1

    73a439eeef669b84d0a7fd42d05ce3e92328b4cf

  • SHA256

    7ec1ca0f08e9142491ea6fba6bc3977cbbb2a363729938628dc5611fbf58ee87

  • SHA512

    e237612c262a8ea07207775b61ab40dab90867e294c09b81ab0860c303343fa8d8b12d27efd55d8e78cd60386e7829b001afecb588a7ebb3773ae26391bb25e8

  • SSDEEP

    1536:C5cEqlalXmgVReA+Qc1kEW/p/b/W91Nkd:ucEqlalfVReA+nW/jULk

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

4780

C2

microsoft.com

avast.com

Attributes
  • build

    214084

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

Files

  • 7ec1ca0f08e9142491ea6fba6bc3977cbbb2a363729938628dc5611fbf58ee87