Overview

overview

10

Static

static

3

5cd96f6b1e...JC.exe

windows7-x64

10

5cd96f6b1e...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2023 17:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2_JC.exe

  • Size

    294KB

  • MD5

    bb35f8c1a3236ad31c754cdfe795d57f

  • SHA1

    b744f8ae31e2b3f7c3b72b9615823a3a3ad02989

  • SHA256

    5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2

  • SHA512

    fcb8f4458b7a5a4a2536a22ad55e4564ffe3d3327e4eefca10a30bc490ae29c8cc31760e07d567de53150090c84bb171209f1f3811f22d3f69545beb15edd0b0

  • SSDEEP

    3072:4e6lIjmvg7aaCIg0JHk8D8uNhUqHAMMQKL2H/NHIS:4blIavYaaCIg6h/NhUDAHlH

Score
10/10
gozi5050bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

185.247.184.139

62.72.33.155

incontroler.com
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2_JC.exe"
    1⤵
      PID:2144

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2144-1-0x0000000000250000-0x0000000000350000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2144-2-0x0000000000400000-0x0000000002290000-memory.dmp
      Filesize

      30.6MB

      Download
    • memory/2144-3-0x00000000001B0000-0x00000000001BB000-memory.dmp
      Filesize

      44KB

      Download
    • memory/2144-4-0x00000000022D0000-0x00000000022DD000-memory.dmp
      Filesize

      52KB

      Download
    • memory/2144-7-0x0000000000250000-0x0000000000350000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2144-8-0x0000000000400000-0x0000000002290000-memory.dmp
      Filesize

      30.6MB

      Download