Overview

overview

10

Static

static

3

151fa04d7f...18.exe

windows7-x64

10

151fa04d7f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-05-2024 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    151fa04d7f14d904a26dea9e6d5aeb5d_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    151fa04d7f14d904a26dea9e6d5aeb5d

  • SHA1

    98138497b764a1c894e7ebd5f0c06fd59c9b9703

  • SHA256

    bab642ecb2bf14c321690d07574c14aa962dae6a7eaaddc27db1b8add7971495

  • SHA512

    394222954f91fa92b7826a73679d8bbe148ce1d52543efb575f04666d305593a10dd199132c76fa4461860819ba64067a3738340cf6b08f25462907578d3aa33

  • SSDEEP

    3072:92ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9wdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\151fa04d7f14d904a26dea9e6d5aeb5d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\151fa04d7f14d904a26dea9e6d5aeb5d_JaffaCakes118.exe"
    1⤵
      PID:1924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2684

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e830e8de90ece15b6ada679a0bf6885b

      SHA1

      288105f4191886a75889feef6da310d98d30ee89

      SHA256

      70dfeecf5b3411440a1e5b157002324a8d15626551e671f0f3dd46fca5290b77

      SHA512

      5cafcaf1ee41d7bd42fbc7df7ce91142639b6afb821e731548a20a3803e35962121ab263dbc0978d4de327f70d9eb325e361e2afcd33b2f3fb75f8ec5e86cfc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      53375676a2dddc9881ad306aa95d885f

      SHA1

      8886a4881e4ac2360a5ec12e4c3c219c3817e945

      SHA256

      f5c35328ff0b9cf388fca0015f5f54bd2c2daf15e35b82f4326e8704e19b07b6

      SHA512

      242e547b04ab7c45ff6a2ffcd0d2e0298300732f92b77e412138953b9bf6266cc2ff46215b0bb5143720d359222cc4f42f3d5e7f00e66371c285eb0e3967c365

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a88c706947617fd69a6e1b2be8ab88c

      SHA1

      43482c24f6d9170e65dee8d959a84716070e1a89

      SHA256

      d5db81a0e5738f455e5b88a136a2af73e15afe6d52159aec62589b6a63370e4c

      SHA512

      235357483c25f5c445a1767a0c66ec45945b08cd11186d3a9d3355d81c154f7603e0789ea0ea9ffe214ac000b618cdd9d07cb6ed80a64f5d59899975509a0fe5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      74c2ac70a2c67b00a64c441ded6eb92e

      SHA1

      f5fd21ac5b8050403efbbe163ec9fbceabf032b8

      SHA256

      9aa8a2f3b009a056775779d07dcfecbde873ee4e630834b9c05dbabd30f379a9

      SHA512

      ed4b6fd80f6de355767ec46885491e9af201895be8febd77b845b916e31b9cfeb9c5b7ca65c5292ffaaa3ebd80acb3dcc47936d394fbfbf45ab6ad251a575205

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      704490b6394fb03f3b8a10065ea20191

      SHA1

      848600a3eeeb4f64beec6e12b36f4536fa8a255b

      SHA256

      37c9d470620a45fbfbe7dc4ec5cb90eaceacf70bc53e5e3995af9e05f1737cd9

      SHA512

      6ca0fb6a01865cdb1633b1ced448938fc6f107cb83ba824f691ab09201764a62a3c174a5475db2f3c2fa0413f0a7e0be2174b6156ed30b3fe070ffd04f76437b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3119363cc16612bc30c6a70e31bbc932

      SHA1

      3aac745a6a1151547d518f85fefb770f1b3479b3

      SHA256

      a2601129c575bcf2f88abf1686e6c0087067e8c1a83894630deac2eea7a22563

      SHA512

      e39fe515a7010ca60f03227dd53044322a2272759a20d97918a7f716484c9a31162c0c02ec8a572c8b567d3b2d52623a9b30aa8f1171c56bac6c163bc0efa518

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4ef0e0b3f922ea0d5194cb23bb7ac40d

      SHA1

      8bb3f2e42df541dbb9240b8fab7a4d7e4193804d

      SHA256

      c907cd8b76848da33729e500a378fe481a1355c9974aaf25b01d6c52e936ba23

      SHA512

      d17a50207714c1e8607182bad5bc0a9f2dabb62c6dcc74694d35234b12b47162f08d9f0366e0a494d79a5bb7a3ee38529adb333e4df3a24565ab7bfbc3441483

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2fa613be811ff9ff4701360ea21c3676

      SHA1

      c96a9e9abac782901e6ba0d4b58b4f8b785a240d

      SHA256

      2c5e818fc2f877d6faf2873d1c3f3a70d02736c83272b70ea1e70d0cbf9eb0d0

      SHA512

      c3868c05f449490c4a8c8b890324bf2557527c2efeb5885be1ae6c273790d22d72f1d721b5098ec775e2cf31b638f9e49ec5a28a6d164bc69f66ae22aa777b82

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      af7acd33d5087823586cdadee22e0a1a

      SHA1

      40a5656e3cbc7f3f03d3cf607cef264297e9821e

      SHA256

      fb4202cd2d79411ea33c998a69207483ebe7bed531cb5a424140e0ec27565039

      SHA512

      e86756ca488d66c0092c5f85744b5a3bad6e039cec9ff9469693dfeaad8c6bff1bd5965ef36768bc250a9d3c9bfcb1be755f8d38da2802aefd0d7706f48e1dd7

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab891E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8931.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8A01.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1924-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1924-10-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1924-11-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1924-7-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1924-3-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1924-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1924-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download