Resubmissions

25/03/2025, 21:22 UTC

250325-z7241awn18 10

25/03/2025, 21:19 UTC

250325-z553wasxfy 10

25/03/2025, 21:15 UTC

250325-z39chswnx3 10

General

  • Target

    44fbfc91f971975f6351843b984d157279f503681d6cb9e652d421f4eefc2236.zip

  • Size

    218KB

  • Sample

    250325-z7241awn18

  • MD5

    a30bdbf2b6940c6020d53a34d46afe9e

  • SHA1

    dbedd0d36a3365c558af5f0968e190a81edc8401

  • SHA256

    44fbfc91f971975f6351843b984d157279f503681d6cb9e652d421f4eefc2236

  • SHA512

    ba79e9a8cae53800bf47bf7845348b0c8e4c33c10857707bdbbb4aacdf3c039968d974b1e4942652f1c46ec10a3a838e10c87799e6a93f8caffd900b42c428b4

  • SSDEEP

    3072:J4KlbvpA+O26/A0TxqL1n4vjb5WF9ycvpYLjgZpuU3cSSERReMhL0I4qP5pY:J4KldjyDlqLR4LbEDyc6UpDcSfeMPdi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3300

C2

addlock.mitial.at/api1

Attributes

  • build

    250141

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    730

rsa_pubkey.plain

    -----BEGIN PUBLIC KEY-----
    MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMUW6IDws32ELfLfoDDkwlJs4pq88zZR
    W+Y4rWzkobCn3ljY+5uI4vo1c66Mmg8LD1IUoUpNhqgFspCw3bu834MCAwEAAQ==
    -----END PUBLIC KEY-----

serpent.plain

    xM9BfOL6eNTQzEHb

Targets

    • Target

      44fbfc91f971975f6351843b984d157279f503681d6cb9e652d421f4eefc2236.zip

    • Size

      218KB

    • MD5

      a30bdbf2b6940c6020d53a34d46afe9e

    • SHA1

      dbedd0d36a3365c558af5f0968e190a81edc8401

    • SHA256

      44fbfc91f971975f6351843b984d157279f503681d6cb9e652d421f4eefc2236

    • SHA512

      ba79e9a8cae53800bf47bf7845348b0c8e4c33c10857707bdbbb4aacdf3c039968d974b1e4942652f1c46ec10a3a838e10c87799e6a93f8caffd900b42c428b4

    • SSDEEP

      3072:J4KlbvpA+O26/A0TxqL1n4vjb5WF9ycvpYLjgZpuU3cSSERReMhL0I4qP5pY:J4KldjyDlqLR4LbEDyc6UpDcSfeMPdi

    • Score

      3/10

    • Target

      60eafa94ceb03b819234435aebd7784597eb212f6a796a4a1052b19beb854a30.js

    • Size

      1.3MB

    • MD5

      34686f47e7d2f9206fd5dab3814ed870

    • SHA1

      447fbec5fb2ffe97d839ce8ed56a75383dca02c1

    • SHA256

      60eafa94ceb03b819234435aebd7784597eb212f6a796a4a1052b19beb854a30

    • SHA512

      092c9f37b44781031cd731a7c8fd358a3de4ac8be1192176bbb558e87a313c664918cc895e6c1971138342fb4bf24423afb6398ef6431d05c24f28a7c8788076

    • SSDEEP

      6144:Zi9kVg2B54Ah7JHNhbvxPKf1wGYew0CATXH4R+LcKzwi1w3R1V8KyIvSzxRUXkjN:ZA

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks
