Overview

overview

10

Static

static

3

0e01542bdd...18.exe

windows7-x64

10

0e01542bdd...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 08:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e01542bdd676c53497d649d58eba864_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    0e01542bdd676c53497d649d58eba864

  • SHA1

    881d30e8438acf6ab1ddb9a4991472ee670e3092

  • SHA256

    28f51fa6f903768c8b9a8e65c38b7da1ce3cfbb1d431824fb3b07435062497e9

  • SHA512

    54df76e53740c4ee52013068adb831925fc7e7caf37db54ea9b39db708d9baa2a35dd2471ed6b32d8eeb00c6715f4cca1c6a9a892c476fd7f5f5628d35cd1b2f

  • SSDEEP

    3072:9oji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9idp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e01542bdd676c53497d649d58eba864_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0e01542bdd676c53497d649d58eba864_JaffaCakes118.exe"
    1⤵
      PID:2420
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      23d61e329f1e14cebe2f0d16e4fbbd85

      SHA1

      8e6cb2808c898ce3b73e7075252fe4fa01e39051

      SHA256

      fc5e88ed7682397256830994537e73c56d72185e8da7c38cbb3341f537b9229e

      SHA512

      b61ed2db067b2eb0db270ebb324f453c811fc0a049baab129c15b455bd86bb89883be4efe069c684f38a9d3619bb87beb4704832336ec2be2730572dbd8fc1d5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d1f23047f211c2a889c97f19231d4c5e

      SHA1

      13ed08c4d38f991329017205975d4e3c9b9f2e10

      SHA256

      f6ceaefc6b82e374a483fed5025f858d7b0cc24c930c29398f77d3403aefc54e

      SHA512

      2abb5dd8b061fc0cf9fb63fefd2d05f58d4a92959631135391a2f7fba1d0cf1e677081e64ea23cdc8bfaaaf1fcb8746c03bada72e649f7ad959743b017fa87ac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39a1bb0a91bb200bc10f85bff81d2f68

      SHA1

      afa893a9f132ad9c8b74436f4c37f86c775d2be3

      SHA256

      222018a96ce2542067ac4c4c5c98dea43d8dcb36873514d13170f0c36877a45e

      SHA512

      e56e7f41a911a9bd108d34f1ce2c569f517eecbdf06193d3a1120840aff7237051968867d6f4de651685d13e6095d52564b049f9b99efe5c1872139606d6bc3a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f6442c2daddda3facf8e063f5f44ec8d

      SHA1

      e81de423aab7c1d8b5a4c1ccfef8640a51c52201

      SHA256

      24f0b15196eb00a93a66eaf5a63517f30a7c9e388979566d1edbc58d757a70af

      SHA512

      ae8dfb01fae6760cc422ed417b8072ce9291b9b1c195a647e78e7ce14da714d35408285e65cf7bf1ff8136bce774194a9c051214ac3e00942245d825a6e62e81

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0d06719ca635fa38ca36d2b0ed98a67

      SHA1

      eadfaad0f376fa312e2d9e0f00723d002bfd4cad

      SHA256

      82b12a4964abdda36dcb2fdc54b50e63eb80626f5bca11cfa2504f79aa396a9b

      SHA512

      a1466b9a19524e272d2ffeaf79a0d2373d602b652a5a6e12216306411227ea451c3df2983d49e86c1d98f930be33bee4e834fae5a87ce58601a9a18dfe53e7ba

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b43dd3356e414083a6313da20890e851

      SHA1

      b538c8046c2ade0cb95384335efac129011636d3

      SHA256

      994f0a6d04b1e3b2b4f55854dc714cb6baa5e33d3697979bc1ba46e238134472

      SHA512

      fba50f19da8896ac3f18380fd951515a4ca65145400c6517d322f801e533deaa352f1bb70c0d75d3dec7839bb64c629dcfb031214ccbc63d2b4d0683dd23be5e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5163c7564f1d0afa040f6ee6a41d8c83

      SHA1

      411cd2c9d968180afd7167067af6e646e4a40a2c

      SHA256

      712d7f025d1761e32b6e9b3ed0336100d888eddde8462c2e308a47e0d587a7c8

      SHA512

      0328546abbb585b48c05fe39e2c6ecceea8706bfde4e0eb6c364e7732e689f8021f9d7ea850c94bfc7667ffba631569aea64fcb210719f8640369e8afa3ea45e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dcaf2b803c7f6f9b32d3f2242eea2a31

      SHA1

      6031534b7fafd65961bfd6e81a320680037727c9

      SHA256

      c9127db27e887e40688397e4a0f761688c25d05c9b7002fdd3ea1749b188d95d

      SHA512

      fe338b7c59ea362d580e66b1386e0eaa5aa169beecf3fbe216147b4792b0c63d34c96a61f5655eeecaa040008f49948bc0123920a6fac0a36ad7fec6d9733a0c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      771896a3610077827f0bed5af983c086

      SHA1

      9484e0abaf36e70a36bc1c971a26092d39cd55cb

      SHA256

      6359aa7e6ae84ce7c12550e031d45eb15a642d42fd74bbb0c665c984b4a5c273

      SHA512

      5bcfd76aef21cf47f2721b1d4dee07c58aca21d69e7bf43bb9832a1f2e4d680beb407499371513f64e38915f2245f9510bff24b629505c6acba3a385909e86dd

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab6D46.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar6D49.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2420-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2420-39-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2420-8-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2420-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2420-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2420-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2420-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download