Overview

overview

10

Static

static

3

0d000748ed...18.exe

windows7-x64

10

0d000748ed...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d000748ed275195be493e094435069c_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    0d000748ed275195be493e094435069c

  • SHA1

    90a77087bae8d2d53ca4c49452e07bbed067d69a

  • SHA256

    95c2e799a86e222b4d2b8f83278df0324b6a2ec99ba69ebe13f51b0087e8125a

  • SHA512

    a92002239a1405fad253e83c4d80ff46b3063815a930bd3e7765cd47f9547cb81a05055e6ae9b1011c24b9b74976d0d72dbc6f3b2108005ad86d9524fbb54a84

  • SSDEEP

    3072:9xji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9ldp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d000748ed275195be493e094435069c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0d000748ed275195be493e094435069c_JaffaCakes118.exe"
    1⤵
      PID:3000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2056

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      223890f8c267d17dd9d6b80d90e6e4fd

      SHA1

      2065c37727d6ea5b7142199972929e9cc4344b67

      SHA256

      7769c2b934b5e18246dda0624e49a5c8531c090d89ea89e4cfb54fa7985521eb

      SHA512

      c108e700e7063bfe98578decd9595665d7ca8a0ff14943cc4daf51ac463709c066d0b4d243c182e7161116bc29a16f504f6df2280ed24630a5b21e0088c170a3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ea938e5afe6fced28780c4491ec29b10

      SHA1

      d0db2d4cfcc0677f050a1976ea1a05cbd61863b4

      SHA256

      f2152cdc0bdfc5dad15f3a7639c49e2d61970def3e7eaffdbb7f1e91767af19c

      SHA512

      cd689cbe2cb7f8d3eebbdf805bc51e9654a0708aad0fae69b231bf11e80f9d4696e524a598a05127a78a551c6d7c030b06f5d5b2ea669c08ef937042d7fc1c40

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e5efce3473ec149ec82b7437351b311

      SHA1

      49ae11a329ae10b29db8cca57483b7fcf41c7774

      SHA256

      0a988840e5885330fcf75fb75feb641cc9d935b0046c6ec19a332642ee7a2f8c

      SHA512

      edc4b3cd648413eef44e1e66fed19627880ed21f9f183cd91ed8f5158687a386078d27d33bef17f16a7e93061d32a314feb947af806f5e45916105c8065bc54d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7d053f1ab26fee2be6f86b34f1226373

      SHA1

      73599a694c69384adf6ee99573cc8b69131821e3

      SHA256

      360d5cb9be02cc87a1fa2846244613b37601e1f68caea1bfeaa9cdceb7a74fc4

      SHA512

      e4d00b0ce66279a9f8962278f9a25dc4069caca9af278201d9fd5e8dc5f3ea35fe847147573f629b41e67b03c4930cb478026fc1d62effb2d7ab87e1d2d652de

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      93bda99558c9fb89d975e69865fe5dfe

      SHA1

      837f7954928118dfbebcdbc381c42174116039c8

      SHA256

      d3977c084355f00b38fbc6e040f9041cf0ce8f067b97a5f17690399e273c3b9a

      SHA512

      4cfccd020cca9b79d696a0299d90a7267340cab0be9818b543575ad0fb2e8bc1623bf8977edf1b125b581c58ec765e39b78a1af04dc1619ecc4139962ce21408

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79e970b34ef8e8b593515c97bd6daf8b

      SHA1

      d376806bb92496777533e22d60a17dd636436a85

      SHA256

      8e5b76592e496f3d656c25f180dbd82f0d194e3dc40e907732a9d620f5d6c881

      SHA512

      382299aaf0d8d471b6ce1293fee530810d09962e6de428901f34b9f32c92a17ee6a02cedd617a209cc57e79c72401d948a9387eaabe09d3c98c59d36164bc21d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      951c062d84754209e8d740058f5eeffa

      SHA1

      ee8711e377d8caf1e060831c5d4f45512da661e1

      SHA256

      1be305c2f21c83837107ced142fad0ba330534455e93b1b6b9e20b5336c7035e

      SHA512

      47d51b402e7d88aff86506a6ce472b2225104de81d142cfa28d6dd09e241ee61c9ba63995f6dda7ac3862726aad13eaf2a474e3c07b3d75904113e945e1441cc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5503a7157e346c30b3ec98053862add6

      SHA1

      bd781aba2578abcc142912d19fd20ec24150cf27

      SHA256

      85203398c3b626e6bfff895dfc831a2fea183789ec9f72b02363a1fadccf1ace

      SHA512

      019077dec94fd8518263bd4643f576c4bcf14081b4bec635b90a663d90c1858e69bada3ce7f6f23d65c4e3d51f90d0d9f27eaa4aca356428457c304559a2f955

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      01b3af1bd52f144946b39e53fd89760a

      SHA1

      06d8fdf48ca0566dbe0b198a1776c48d7289ee22

      SHA256

      022c3ad799cc07e544110223ba1eb4011d6b9df5410b7d541a29e05cab093bfb

      SHA512

      7a6ade4d533994d1ddc7d1f3091ec71a702f290748ef72f228b225395668b78ae1964b153e335fda6f3460efbb8e73ef3178abe639d9dfd294735804548a5624

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d1c2b04525b561697b47550852f13e0b

      SHA1

      07027322a38ca22051b6f6acb8caa0f7d3ce28c5

      SHA256

      89a81176cf9911caf7a44ae754c729ed8d0b9b9e257316e919c0f2688c379743

      SHA512

      8be0f3dab7622d78089aa13a1d5c740a9ae907c3db495360d7ee957eb2f7817ec789fd47f24920141c7d16e522376d4d4f0020b597137f15b880107c9b206dc7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab68C3.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar68D6.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/3000-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/3000-55-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/3000-8-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3000-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3000-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/3000-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3000-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download