Overview

overview

10

Static

static

3

0fec824107...18.exe

windows7-x64

10

0fec824107...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    03-05-2024 06:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fec8241074bc12177e09e456ae9265d_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    0fec8241074bc12177e09e456ae9265d

  • SHA1

    8d399133e1c3f1b29b2e200ba91c11fd2a187780

  • SHA256

    0677fdd75e2314cfda2991b1506af60ed271169ff0a179771d8a8107644cb06a

  • SHA512

    a2acfa48f09384100c4bd8bc98e5a73bf7ee7a5360561d405904c579365ad06a9503bb947391b76bba474cfae139b06e1231b67e10d924519f951699962d445e

  • SSDEEP

    3072:94ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9ydp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fec8241074bc12177e09e456ae9265d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0fec8241074bc12177e09e456ae9265d_JaffaCakes118.exe"
    1⤵
      PID:1576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2ddab57304056022eec09f6d466d1320

      SHA1

      154458d37e10dbc0bb253a6894f14ebc640cc9b5

      SHA256

      59ace40df214dc9feacc15261b21dc7914d1272f2e77b563edc4fc4cc7f6cc95

      SHA512

      4db27a22ed03ebd8eacda74376d9abcd645862414cb5a7ec540b16fed6df94b9ed9859a50f912bbde80c71ae15a7ba1ccb502334afa811581d21c3a86ca9f8f4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f483a9a56eb63b11dae3c6db9fd846b1

      SHA1

      42f768f440af1f4c22bd98c779e2844256357631

      SHA256

      f2e90e3887c311ad1d5d3dafcad769cfa8891ee86040aae9318fcb53ae9967cc

      SHA512

      e7003b30d44d8d0b5b62ed388fd470716191f8c6786a71e9c45ece5c4c63852dc3361a6c17a27b69b8c71796879f97e99572260bb581e01b6ccde1d9d837b802

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      793917fddf66c3eef8008a706c04eec7

      SHA1

      c323359f995134e93bcca5e048bd7aede6f0acaf

      SHA256

      0269f74929aff9b9a4e07cb5c9855d1f801f4f1d74f8da407deed58ef5a7bc04

      SHA512

      faf76ff05a1af7339d1ad9876e629457db06ff00676cf7f6568422172ec096c41e1413abae59fd46eafcbca9cce7990519265d2b0cc862ffde3b67d17a63d4a3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      00d4121e55cb0043205c32340cd75d4e

      SHA1

      938df7841b76f78080ee767982df1686fcc68d39

      SHA256

      7264c02ac9ed9ba38e84cb8c77d0a88ad5fdb42a9a3a8c30a8b5f3454daa4a2e

      SHA512

      f4871c537db64b7403f9dd62904d174a72bc7806733d15578117e40c10bf0c7a6532b92af86283f02aff08b051ecc5c55ea4eb646e22a955228080f40e2a3a1f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5d2371ff13f6dc430126eaa3713f4a94

      SHA1

      a783cd57ad2ba9db68528dc2f47c440d81614977

      SHA256

      595f8e2cb4106c34f9736174467bf6897c74be4600cce8b4a2866ae3d0d8c923

      SHA512

      a722c53139d6f3d96054e0c0a34dc1633efc3025e10cafd596c1ce053b7f75962e5922c0e7c081b45ef64ce0f3c4f2b9f9d07020cf10bdca1450a67d752e464b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d7250e8b87586dc4d1923bb2f5742d9

      SHA1

      44c1f50abff39f665e1b7c0708ba9b336f7c9ddd

      SHA256

      1e70ec0a9f47832cdbf18e9651763938d0190cd495226b01dacfe43edb957176

      SHA512

      8ce10a06c9881b7073daf796dea8e07cd745b693b038436bb458453939bc43221083b91448a5d8c5e1d6355a14b0c6788781325475acb8ad22404ec177e9e81a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d0f908243f281eb941b71a8ed586fc19

      SHA1

      220e3f7365c95bd6fa8d5d48330dd7ac96fe6df7

      SHA256

      378eea3c82abc70d16a112161f67d46b8d7ea1d9f6cbe286198711be322abeec

      SHA512

      2a7e509e4a70e50780b4bc2035b460a7f282df2ae0dcd417435083a0c47b005d9ab41d017abedf27e8dd281f791c473d9d5ea5254452d2b5573c4e4f8988a61f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1956c432365570b1744d5b1039a73c72

      SHA1

      3e756c5f94ca9b4776f620ac2217270f03d2b296

      SHA256

      8a27ddba546eba4a86a9a8fa3330b6aab19a73b422caa3187f1ff7f5318c68bd

      SHA512

      5d62018b8c3dfd89ed433265b045cf2e5ff2d7d220b7f569d8651047abfecef1526403dd5411a91db31d594376beee38594ff7adb8b1902f77d7926cb13a0019

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5c5d41c71b42be9d65d0d2b5e9bd768a

      SHA1

      8e52bea17973e8deb763122701706b6ec5d88673

      SHA256

      66c0ae9249701c4ed151893e701ac60f8daa63ece3671cee6543db52ac98b706

      SHA512

      0c0c0bf94d541ea5d5db9d84262baa869ad78d7528cfd7a20480cd43b34f8db2c3b0b4a24a5e870ab904decf4bb9df9cade903f653065dc4ccfb36b2c0d2efb4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d7e9913268239d5c54a5e03bddb9eebe

      SHA1

      b8bdc93df6061b98fc40025d93c27f8661bbb7ca

      SHA256

      623a1e93696e0c9bb09bbda8ea2be2d24accdea8762ea8d6c168a6b745cabb8f

      SHA512

      d6102a5401344b5b724b45f7d918434a4e666d0389f42621ebba777b5b831716f4442b344c338f6407cc6c533e6eef1c037bd2ef4985b67ba0ce8422f4f0e1db

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7CDF.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8ED9.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1576-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1576-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1576-8-0x00000000003E0000-0x00000000003E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1576-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1576-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1576-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1576-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download