Overview

overview

10

Static

static

3

16e2511462...18.exe

windows7-x64

10

16e2511462...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05-05-2024 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16e25114629a9d701ca21f53e840b258_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    16e25114629a9d701ca21f53e840b258

  • SHA1

    391d84b136d606c3ecbe990918107990649e90d8

  • SHA256

    f682efc41320920e31caf2f99121844cc4b3c4f5406e0980fa1b0e26f7c0c351

  • SHA512

    fbf2f36c3d066bda7204161228f32e11365b4f13c5e466c4d5a4eada3b4e0456f406f5d42998a269e6eb46da93087574b17aa9306b9875d988f999ff9ab84255

  • SSDEEP

    3072:9+ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:94dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16e25114629a9d701ca21f53e840b258_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16e25114629a9d701ca21f53e840b258_JaffaCakes118.exe"
    1⤵
      PID:2984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2616

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8f29cfde5bca7b5e1ddb6c1d3be825e5

      SHA1

      1082270ad34a1c1224cc2c450f444247af916433

      SHA256

      453de823263a5d16a7bf91ef21eb52658ac8184cf01ed9ca709a4e2792d82d51

      SHA512

      e0a7d668b5ae046f6149ce538b2a0626cbc75a7bcde465efd1c2b340b0292a8ff120ddcf4917fc776350cc3b24e534811b487ff42cb99e2f0e3f949bc2a70154

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2e579ec0867f9a4b13c7ff4df54e77ca

      SHA1

      a6ef1d49c88357e57cc27679caa86f9c50427611

      SHA256

      f8903ad3d4b4b8978e03e0f9eac96943f2b49fabafc47b0cd56425e010e464e4

      SHA512

      ccc8d56f0f87f25844dbebdf79cb576caaa1c2767fd07506650290a5c48babf147e58416e7207775e13f981485b542dbbfcc0ef5dfa49e35056733696720446b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e3d665c6805bf143d568102a8b2b73b4

      SHA1

      b985e089a26198cc7838aba9fe05ecfcb2e19474

      SHA256

      265f8c1b3d3180b8c2cd89af7ce45f2ada47278ae305b301e6ddf557388eb8fa

      SHA512

      72d4ffd39a02ca9336f3dc8eded80e034b894367602c643421c111492c91b829134774847e2049353c5178ffe1ff3c2258ccf0baa6658dc95b9bf10ac9ae2406

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d09a9ab44c41e091840ce785ceac96b9

      SHA1

      a9ad3818dc33dc8705aa44fe6b3bd04ced0edf71

      SHA256

      869f01e8d960f98ecbf9be0f34265a6d5c728987b849b3e2c5eb29ee98888054

      SHA512

      985dc4032bac16295aabf263b8d259db8b212c4e25b0774f513d037c735561824805fbf4e71377fa23f1526ede5b8a52bd8560091fac0f948580b715974dd28b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      36e34cfa4456b535bc54a633c29d011d

      SHA1

      16269833cbbc024538ce8def273bf6eecc82de3f

      SHA256

      df25ff5da4cd9a93be8e244ff8a40ddbdb9e498b4d3a9d8117af281398ea2516

      SHA512

      17accff171c4b80899f9608bf5ba1ba0ea55782c76d566185fdffb23d1489fdaae8af1016352776ce779cf921a68730b71550e8a9dfe9476ff9c67b3795c8d63

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6110bdf3451ce3175b0e69027770ddb4

      SHA1

      37cdc524136adcf938ff3ca91bae7da5b7b95201

      SHA256

      22623fefc527a631ba2b5e3015544f09a22aeb61317a8be06938a00a134820ce

      SHA512

      f893018e2425fbe09cb6bfb3eaddc45ef58bb59e02575466da0dd20bb9ba7aa59b7a3d0ab88ceb64ff23e4e6c5ed94a8e53af9c1d691e58c1d1dcf2bd36a33a2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      468de7961adcf925aa9627fdbf6fa366

      SHA1

      50f0d6642034bb110c5ca9f5622dcd79ed763f84

      SHA256

      da4e4c1a13abc6900e698b9133ad6e72e6edc62b9fe84f31c57763d498c054ae

      SHA512

      b339c11dbb76277ce1eb9703799f35e307e1cc0a35d6b4a7959bf31cf49cf88cd04872f9fa0312cb4247cea466601f650e886b375e2333660ab0a02160782e26

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f75e7db43e2f6b337c2a8726347471c4

      SHA1

      cae4883d08d20c407f685f12f943728de10fba59

      SHA256

      22668d3b2b968113575b5fcaac28cbb47c792fcb90e3f91b23d01075a2c0e4ba

      SHA512

      f5b7e3b8fc67f6addc038129c60573ecd9fc244b1c32e339d56aa3f0d37bd1df4f4cd31f636671ab3183dc95ff0c857ab4180388735859d09244acd312666a34

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc2042434f8029b5cee8bdf400b0a502

      SHA1

      a853a426b22b7643aa4e6036a57be362bbb3e8d8

      SHA256

      e7ce6de5aff9c821c82a3ba97a5923b7630007264c51ad6ff7cf502660fea23c

      SHA512

      fdbe40f4e63458fc9d29263575c5898d1c3558656fa457f725df6e39be637f4e38a121fa2108139730e8f2c8ab4d793b98990f50d2e9ee9ef868130c3c5bcfb0

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab80B6.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8174.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar80C8.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8199.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2984-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2984-11-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2984-12-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2984-8-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2984-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2984-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2984-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2984-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download