General

  • Target

    2025-02-27_2d5e92d6c90ef3ec07d26b04c5a3a1fd_icedid_ramnit

  • Size

    867KB

  • Sample

    250227-hr4t8azrx3

  • MD5

    2d5e92d6c90ef3ec07d26b04c5a3a1fd

  • SHA1

    30c554d183c709b2701cc91b4527775abb33ab74

  • SHA256

    d27cb7a2bf0aa4d7d49c68555084595f433897992b39a8b61f59b9056b74287b

  • SHA512

    0953e2a402ea8b71708de4bd3df365de135bb7bcebcb5e53919acff4c88cd881b898a057eddac156f057560158057a65c4d051db955a0b1e915565d3a4588fa2

  • SSDEEP

    12288:MASJCsqQtu95V4WUA+6dH1G0p+MU7bo24wmLsG/RgRQrUrF2ClG+pG/YR:MACeQO5V4WUA+6dHN+l9ZL5rF2igYR

Malware Config

Extracted

  • Family

    gozi

  • Attributes

    • build

      214131

Extracted

  • Family

    gozi

  • Botnet

    5020

  • C2

    settings-win.data.microsoft.com

    accrualdewd.xyz

  • Attributes

    • build

      214131

    • dga_base_url

      constitution.org/usdeclar.txt

    • dga_crc

      0x4eb7d2ca

    • dga_season

      10

    • dga_tlds

      com

      ru

      org

    • exe_type

      loader

    • server_id

      12

    • rsa_pubkey.plain

    • serpent.plain

Targets

    • Target

      2025-02-27_2d5e92d6c90ef3ec07d26b04c5a3a1fd_icedid_ramnit

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Ramnit

      Ramnit is a versatile malware family that includes viruses, worms, and Trojans.

    • Ramnit family

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks