General

  • Target

    e719dd9a4f557f350a022c98a9fcd73a_JaffaCakes118

  • Size

    543KB

  • Sample

    240408-kzr7hade42

  • MD5

    e719dd9a4f557f350a022c98a9fcd73a

  • SHA1

    6b19ce067b8660b8ae18aae3231d7f6d6e52f4f9

  • SHA256

    34f4d80e0d5869bf849227723f2d55f79d0e8a26b9fb4b6572d7d4888386720e

  • SHA512

    9166ae7f440f69aaa7b437812f83882ff9fe4d73f0ca80e3e516b4d0233b1e146ab4973fc5cdc53dc20849233b8039292162a3f465651a96bb1b2cdb785d6722

  • SSDEEP

    12288:KaM05j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:Kanz3E4INX03ycxc4

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    8877

  • C2

    outlook.com

    zaluoa.live

    daskdjknefjkewfnkjwe.net

  • Attributes

    • base_path

      /jkloop/

    • build

      250207

    • dga_season

      10

    • exe_type

      loader

    • extension

      .kre

    • server_id

      12

    • rsa_pubkey.plain

    • serpent.plain

Targets

    • Target

      e719dd9a4f557f350a022c98a9fcd73a_JaffaCakes118

    • Size

      543KB

    • MD5

      e719dd9a4f557f350a022c98a9fcd73a

    • SHA1

      6b19ce067b8660b8ae18aae3231d7f6d6e52f4f9

    • SHA256

      34f4d80e0d5869bf849227723f2d55f79d0e8a26b9fb4b6572d7d4888386720e

    • SHA512

      9166ae7f440f69aaa7b437812f83882ff9fe4d73f0ca80e3e516b4d0233b1e146ab4973fc5cdc53dc20849233b8039292162a3f465651a96bb1b2cdb785d6722

    • SSDEEP

      12288:KaM05j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:Kanz3E4INX03ycxc4

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks