Overview

overview

10

Static

static

7

f81495ed85...18.exe

windows7-x64

10

f81495ed85...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f81495ed85e93d6015d930a910d059a8_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240418-qls5jafd3s

  • MD5

    f81495ed85e93d6015d930a910d059a8

  • SHA1

    806f0cd1f924d82a906aad65e7b5baaddbb9d94a

  • SHA256

    ccef042bc9897a81595201e9565497a8aa2a043dd0ce015e964db9c20f277686

  • SHA512

    d30898b635b8e5e5fc3449715c8f9cc22affefe7ae9a3b98bc887fe170755c286130e38b92e37b0a8c1bd258bbc9fdcfbd4d69df981b2f7e4936584d02430832

  • SSDEEP

    49152:gCiQB60x95JXrxJrxiZREXZq23vFgyLnkgVDSowq7M:gCjprbXVJrxiZWq2tgylVw

Score
10/10
gozibankerisfbtrojanupxvmprotect

Malware Config

Extracted

Family

gozi

Targets

    • Target

      f81495ed85e93d6015d930a910d059a8_JaffaCakes118

    • Size

      1.8MB

    • MD5

      f81495ed85e93d6015d930a910d059a8

    • SHA1

      806f0cd1f924d82a906aad65e7b5baaddbb9d94a

    • SHA256

      ccef042bc9897a81595201e9565497a8aa2a043dd0ce015e964db9c20f277686

    • SHA512

      d30898b635b8e5e5fc3449715c8f9cc22affefe7ae9a3b98bc887fe170755c286130e38b92e37b0a8c1bd258bbc9fdcfbd4d69df981b2f7e4936584d02430832

    • SSDEEP

      49152:gCiQB60x95JXrxJrxiZREXZq23vFgyLnkgVDSowq7M:gCjprbXVJrxiZWq2tgylVw

    Score
    10/10
    gozibankerisfbtrojanupxvmprotect

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks