gozi | e2ee5e490c9675415df0fea69affe1b63febb6ca886e69997e106eca9b106d1d

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb19d6504abbde76b67b22ee8564dddb_JaffaCakes118.dll
Size

461KB
MD5

eb19d6504abbde76b67b22ee8564dddb
SHA1

b583fe36a47495557a6708eb6bcc02d63d101f02
SHA256

e2ee5e490c9675415df0fea69affe1b63febb6ca886e69997e106eca9b106d1d
SHA512

cdec8cfbd48f92568a445c775768f1af775593d1ada1ba3528a7767f3af50a6665008d5210260db9331bda3b63c15ea9d4c707fb764cb2f75d1de2cc9ff2b6f0
SSDEEP

12288:mxIkdQI90tC1o4isB/QD3Jv58kEPGxU3aV+2d:5pI90k3isB/Q1mZ73a42

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe
PID 2852 wrote to memory of 2744	2852	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb19d6504abbde76b67b22ee8564dddb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2852

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb19d6504abbde76b67b22ee8564dddb_JaffaCakes118.dll,#1
2⤵
PID:2744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-0-0x0000000074FB0000-0x00000000750C2000-memory.dmp

Filesize
1.1MB

Download
memory/2744-1-0x0000000000280000-0x000000000028D000-memory.dmp

Filesize
52KB

Download
memory/2744-4-0x0000000074FB0000-0x00000000750C2000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads