Overview

overview

10

Static

static

10

fa19893cbe...18.exe

windows7-x64

7

fa19893cbe...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa19893cbea1f8be644c303b69a2af0a_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240419-mgpprsha3v

  • MD5

    fa19893cbea1f8be644c303b69a2af0a

  • SHA1

    8ea25dbd15e2713bc81076ddc061732c4b0bc926

  • SHA256

    a4a1810371894450dcf9c0f242506aada026a0b1e425cc6a355a35fc4b82e0a9

  • SHA512

    f1e6c8c713e04786e42ecbedb0e59bc0db4b3dd0b82eba8ef226fb728500a8d16a8e9d8a18002d9c742bccb6f309fa8a99c068024a890791376c59c5199266ed

  • SSDEEP

    49152:p7duzulQx/vbDxwfIXoAxFHe9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:phP+Puf2JxFHeHau42c1joCjMPkNwk6

Score
10/10
goziisfbupx

Malware Config

Extracted

Family

gozi

Targets

    • Target

      fa19893cbea1f8be644c303b69a2af0a_JaffaCakes118

    • Size

      2.9MB

    • MD5

      fa19893cbea1f8be644c303b69a2af0a

    • SHA1

      8ea25dbd15e2713bc81076ddc061732c4b0bc926

    • SHA256

      a4a1810371894450dcf9c0f242506aada026a0b1e425cc6a355a35fc4b82e0a9

    • SHA512

      f1e6c8c713e04786e42ecbedb0e59bc0db4b3dd0b82eba8ef226fb728500a8d16a8e9d8a18002d9c742bccb6f309fa8a99c068024a890791376c59c5199266ed

    • SSDEEP

      49152:p7duzulQx/vbDxwfIXoAxFHe9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:phP+Puf2JxFHeHau42c1joCjMPkNwk6

    Score
    7/10
    upx

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks