Overview

overview

10

Static

static

3

0ca818e089...18.exe

windows7-x64

10

0ca818e089...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/05/2024, 19:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0ca818e0891059faaa5a27e359c1989d_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    0ca818e0891059faaa5a27e359c1989d

  • SHA1

    bb4abc7d811952a8aafc13391b694ec4d2a0a6a3

  • SHA256

    e3d7fdead1746a958ff5020f275eab267eba0ecbf7b708758f2293d96b70c291

  • SHA512

    1456b9ca16f9b02143f81afb7a8b38adcb117038bca1e42b07594bd52c57fc2adf215528cf4ddf88ec2654f536d34bbbefbae66440b79ef20e912c26fed2cfbc

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0z2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoGWGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ca818e0891059faaa5a27e359c1989d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0ca818e0891059faaa5a27e359c1989d_JaffaCakes118.exe"
    1⤵
      PID:2112
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2972

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b10b3692b42f1318e4f17f1a816a347f

            SHA1

            217ea587f38606cc82d81cfbc4b3431c726362b1

            SHA256

            a19277db279b98a01a70cf036b226176e9230e07d407b31516d92793fc399f81

            SHA512

            9269a2436405ffa4c24d02f260f7e779af65e1a249349560ffa4ce60892e36b8268c22c7ef59389d02bc70d43ead77afb3585d35b3b38d0518023180b2a2bc0d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            05873645fbb1de7f5950dc6269f434c5

            SHA1

            52c069ab90e425568c7acfcd45d8aca10d6181d8

            SHA256

            f768b94349bf5dae26258e34c52be7eec44a2df935fde4e10e1b12d23b699bba

            SHA512

            d101819f0d74206edd8a0bebfa97dfb7acee2bbaa5e7202f48aaaa8633b747a7dd216b4e8ffadf136b7bdfc7b3fc57926f2ddc30d5dac1d7321c7f79160ee491

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            a5ae578acc6c3adbdf350b93cc0129ca

            SHA1

            bdea1ec919dbe9a7711463e6e11a1cf8c63b1889

            SHA256

            0d39099d136a2f60b776027c8dfb956e09f6ba1e38e11891847c06925bda3f53

            SHA512

            c7d1aa4e3764221110cbc7983b5ad0a7de52f31fe55533accfa70d06ca98d3d7fc6b4dc40462114fa6d944e7223396b6d3a4f5c28936de4d553284c392eb1173

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            e467b96ae1b03b7a395690f665353ba8

            SHA1

            2fbc2a19d69f0967d3960cb42df69d3c08923338

            SHA256

            01e82500bee6a6a2d9f482f7780246d8f644d9339eba4d9b185bf65bdac304a7

            SHA512

            d711a34192bd619a568e4a5be03c5a171b9a66692c3fc05a311b897cccf9611f56ef972154819790a1995a769f30beffca79b16493f85f87f405390b37917b47

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            5a9a405c6546f011657d4f51ce70d060

            SHA1

            5491ff781a8f400d0c1c1ab63ea6133e36bff079

            SHA256

            18d0b1aa931e530852eb8df482804f9dd780fe75fbbcc51d82418fc521239e2f

            SHA512

            00a2fb37f6dd0bf47dc8cc4fae1aacc6d817d92ca6e3318e5c6b0806f38f57362ba238664cb03450fbedfc582f248c68a0cbd01912af2655d3f0be5106ca169c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            3692baf3b132ef9942d05f207462dfb1

            SHA1

            c93e1f34720f2c6c79c26ed6b3eb69e0121c2d28

            SHA256

            b798774b146ba9758f40a2a2a08b083512644d226a1bdf0a30d60b8e12b08edc

            SHA512

            67a7d324b1aad0668ab4ba8d865ee0c0a0f0108eb648e460f5bcd21059428fd988811094253e55d95479feab1a896310f2f848c24a991fe98e737deb378c769b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            f725396636340cac3c9b0ec53acb723c

            SHA1

            b2f5ae94191ef6a2635332df2ff349d9a3164bc7

            SHA256

            f3c8f1fe8ace16a94048f6f8a23b7daa220a8a558b44fe5b62c631512c65a7d7

            SHA512

            4b4a1616316a070692fc608b0c719014c370e40041743b4ad172aed87a93b6a544e7db74ee54252120222fa4b59db4d4ee82daa6d36657c052ca7cd6843349f2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            2191e0fc06f273e01aa224be6e708e0a

            SHA1

            a8ca90a183427a4f0d3bb0c4e2fb59abec33a68e

            SHA256

            ac503521c98084320b8c87a76637845d297024fc36133a37e3fe3ecabb1fa937

            SHA512

            b9f509c2764bbe42971c8480ff18f799cf551a50e5e576fe5135515fb77e85c674bb7b3e70dddd275bce37706501abcc81fb0936de06859665a1c577b9a426bf

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            adaed92ac1d1119d3bba3a5b4d433068

            SHA1

            03f0990bee4d761e2376dabd6995feba034cd393

            SHA256

            c5e766c505ca3187ad514d286aa9a6f5f184cf1a0273d8bf3432404f73f16732

            SHA512

            7814e54d398b99c3f4d5c6984653b983e296b42b9132f0f34ea580723ac93e5e9288b3d6ecdb4c4a9360a989c5113305ba24094501f15ef42a1a9bf93278d041

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab9A5F.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab9B3D.tmp
            Filesize

            68KB

            MD5

            29f65ba8e88c063813cc50a4ea544e93

            SHA1

            05a7040d5c127e68c25d81cc51271ffb8bef3568

            SHA256

            1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

            SHA512

            e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar9B50.tmp
            Filesize

            177KB

            MD5

            435a9ac180383f9fa094131b173a2f7b

            SHA1

            76944ea657a9db94f9a4bef38f88c46ed4166983

            SHA256

            67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

            SHA512

            1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

            Download Submit

          • memory/2112-0-0x0000000000400000-0x0000000000441000-memory.dmp

            Filesize

            260KB

            Download

          • memory/2112-6-0x0000000000600000-0x0000000000602000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2112-2-0x0000000000360000-0x000000000037B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/2112-1-0x0000000000330000-0x0000000000331000-memory.dmp

            Filesize

            4KB

            Download