Overview

overview

10

Static

static

3

08e0b9ef42...18.exe

windows7-x64

10

08e0b9ef42...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-04-2024 03:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08e0b9ef42c8a0bc04cb62af20d2e7cf_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    08e0b9ef42c8a0bc04cb62af20d2e7cf

  • SHA1

    73769dafe13733200f0f578078e1d3a6bbe3329d

  • SHA256

    0ae5c577513e23f8f453d650af3582dadadcef255e1d0970bdd790d52f57d4cf

  • SHA512

    db2059a83166ac7e9f0d41f6a72fb2d922f26d52955db61abc836ebe1591861e5901a9e0f66d1471bee858dc10f47e1be48ed2f2a8a8945d4f117619d9f11529

  • SSDEEP

    6144:gVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:gVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08e0b9ef42c8a0bc04cb62af20d2e7cf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\08e0b9ef42c8a0bc04cb62af20d2e7cf_JaffaCakes118.exe"
    1⤵
      PID:2320
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2432

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c8cda84f569b050a2a8ac2022e616a15

      SHA1

      586a5306e5b0749361e1ccaa4219ed84f6b1f4d8

      SHA256

      a9ed10204d296ef05c816f54c089a63dfab41b3ae89cdbfa7080196e16a6e5c3

      SHA512

      faf2a78fc5617cd59130cbba972c190451d1226759c68f3e2f9153e9f12bb44da24469d04edb98e7cba0e5f392d645dac1aee5a8b81d72f69ae7635bc0fdb640

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9b586a18da613d8a21e4e6357f470dbc

      SHA1

      ef4c9a82b15f84682c2d889f35566296701b4e11

      SHA256

      250ac8090892fb4b4be2c6c48be8a73c92ccd7261c69a25f957df769c0d2ad9e

      SHA512

      3bb2231f9ef7d0a6308a1e12f6dd6396b920a5dab6202d901c6281556052103099720eef362a227db6d80a52e3905a527d3521c52fc4c80cb2c4fbde8b9e3a9c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8171b2ce9482be0257549a9c606dc59e

      SHA1

      369017b705f7f0881516f98ac45896a7bf777aa4

      SHA256

      5f7d0b266ab37481e889387fac3cb2227777c224408ddf1a1590521b19544f49

      SHA512

      be3ab07a55ab37f1d9ae11a0be5fab82b35ca062bf5b4bea3335b18c7de175e3d09d8a69923581d32f5ee3325f8c496cc9dd22cb90b670d4e14883da2fc5cd65

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a9022d76a7e41da6e1b3c6bd316dca2

      SHA1

      65962331335219bde7259bcf54437ca1a81aa1ef

      SHA256

      158f4638f3c736bd243fa125cc92d621024a80548b4ac724ce5fc579fbdce0dd

      SHA512

      3fe1ae13c72e46f9002b6d6e24f6e666a9318ac0de3fb1ff2bd224a9a82c4aa013f79a773a67d922fcdff0ed9e0a57b551d0703eb472ba332f34b32847230256

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      02bd5159ba4554d922859809914f8c31

      SHA1

      bdd0e7272ea174a0eae406782b6a705bb07d8b0c

      SHA256

      0b0ade462b3492c12d86d8bb9c25dbf6dd1a2ddef92c91928b3bb8c6396596fd

      SHA512

      a60fdd9160cf5b62f94a8c7380f5d59deac448a16fdf180ccea3dba99bf5750263dce46631335d64c2d8a63a59f6877d174e4630bf9af8929767ddc8829a62a4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bcd3666e91ac87df2bb684e1c4efe95d

      SHA1

      624a9ce0ab58a5f0470392aa7e32c959d1eca360

      SHA256

      e77edf5c64312f19c4763180e1f359f9bda297c3b3dcd7a4c8a21dcf83bb8091

      SHA512

      1cd9d1b64a166b555774e980dac18a114f3dbc4330bc61a49c59c24ae48bbc325c9d58b572ca285bbc6eea5b5277a391ef53e26187518f25b7031234ce80c212

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      356c7d68842e3d68337a5b03830151a5

      SHA1

      32b544e44e3faeb4e9aac8a22275ef2caee75bad

      SHA256

      57c9c5c03403db1289a27427c0e033439bed2c1e0f14b502d7d8301d2fbfcaa5

      SHA512

      e75ac5ee05869c3f4b7fce589d10cd34294e48a9b41554b47287122d593d0357b7d66a5b065d26a0ae556dd6beb48c78b171a7f3869f844f789d27ddfe55c53d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1fe2d240045867c1335b6782e7572bfb

      SHA1

      c02408b52e8aa7cf00084c7f69429961fcfeff1d

      SHA256

      476633f7b996533fbfb392c1b51f41963fdb3db5296926aca3a10b4646e7b867

      SHA512

      4e33fad954189cdc89ec0a22a7c4ee40b6515db98565d0fbf77a2c066ab5a624c079f155f8357d76915a0441cabcce0f185c990ec4641c1ffe0f4fbd28436cfb

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9751.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9822.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9825.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2320-0-0x0000000000BC0000-0x0000000000C13000-memory.dmp
      Filesize

      332KB

      Download
    • memory/2320-6-0x00000000003D0000-0x00000000003D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2320-2-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2320-1-0x0000000000140000-0x0000000000141000-memory.dmp
      Filesize

      4KB

      Download