Overview

overview

10

Static

static

3

e864e061f5...18.dll

windows7-x64

10

e864e061f5...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-04-2024 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e864e061f55ec7abf779a6dc386b114b_JaffaCakes118.dll

  • Size

    520KB

  • MD5

    e864e061f55ec7abf779a6dc386b114b

  • SHA1

    aa1e9ead2b85731087922dd86935d13c17b7a241

  • SHA256

    60e5b4e544f0a8c757025ff36c8a2bbd3175bfff88d1e7c9d1de788b3d3b6c3b

  • SHA512

    cad8bfd8c8ada9256d053ed014de1f15233a51919eacd98df4658260368835a84302d8c9119dd7d92a770b9295551f3d615fa6d8ff338717c35247978cf69a49

  • SSDEEP

    12288:0/1dF5oiiOpCp1wwMnJxLHD/4M1kPD7KrY4Zk1Af0fSlllll/lllllj1OrvhcGX:0/h5aOwIfHcR7P4m1AESlllll/lllll0

Score
10/10
gozi1500bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at
Attributes
  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e864e061f55ec7abf779a6dc386b114b_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e864e061f55ec7abf779a6dc386b114b_JaffaCakes118.dll,#1
      2⤵
        PID:4976
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3020 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2332

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4976-2-0x0000000000FD0000-0x0000000000FD1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/4976-0-0x0000000010000000-0x0000000010116000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/4976-1-0x0000000010000000-0x0000000010116000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/4976-3-0x0000000002E20000-0x0000000002E2D000-memory.dmp
        Filesize

        52KB

        Download
      • memory/4976-6-0x0000000010000000-0x0000000010116000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/4976-8-0x0000000000FD0000-0x0000000000FD1000-memory.dmp
        Filesize

        4KB

        Download