General

  • Target

    0dd3f5d9fe5eae94f564dfb67377a09a_JaffaCakes118

  • Size

    176KB

  • MD5

    0dd3f5d9fe5eae94f564dfb67377a09a

  • SHA1

    3f20779d07cc7ee25ebb45b0de5f79e2e7112d4b

  • SHA256

    abd1af11552d5a4d87ebb8f637357b42857e1aa5f4ffe834533a1304ca0f699f

  • SHA512

    3fa6c1c6b23fc423f0b90394ba901021b0380d4b81b09a329af17e971c4c4ca66dc316fce2e70a680d90b4bc480700d00433eee630b87eb3c326a6770aa82321

  • SSDEEP

    3072:MTWVgGCU5786CeeJevp6Mt3sekVk6cG8Zw/2vO6Xjoj+wrcLuaWOS:o5GCU5I6CeD4Mt3RkVkc8ZfOTILup

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

redwoodmotors.ru

pampers-globalworld.ru

pinkfloyd-mp3love.ru

sosandhelpconnect.ru

Attributes
  • exe_type

    worker

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0dd3f5d9fe5eae94f564dfb67377a09a_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    902b82f84f78151161fcee866a7a75d6

