Overview

overview

10

Static

static

3

1c5059e79e...18.exe

windows7-x64

10

1c5059e79e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-05-2024 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c5059e79ec259507792b515d923a9ba_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    1c5059e79ec259507792b515d923a9ba

  • SHA1

    6667162ac19d1c82a0784280dad966e5701d2344

  • SHA256

    5e4902b170dbe49daee998f7422999013067a8b3109389eba5d809c0deda82c0

  • SHA512

    6466c74115efefdc1a6c79a8ca0b712d68152a92836f012574295adfa2882e5af780f024f9e77e73dc445795158e4b7a46052f7b64ff5a87602d000334e0568f

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzOgF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c5059e79ec259507792b515d923a9ba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1c5059e79ec259507792b515d923a9ba_JaffaCakes118.exe"
    1⤵
      PID:2936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1192
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2120
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:872

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a103c4109d1b8e3bedd02762a0c2fc5e

      SHA1

      acdc4bd7d52d3db65b697039adea03c7867f565e

      SHA256

      068f5c2c7a4bc4643d89652fd7437fe74346cb2d2aab3edbc66ce817f4cbf3cc

      SHA512

      1ed43d3db24014b011db294cc6c8d292708615e69ce65d33640f237e796ce3b285009e568c168f2642b62abc9ded59e202c8e8fe10123c5a9e34b8b3349f7e1a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      45e33842d64bda28d0f510ce0011014c

      SHA1

      3fa3e3c232b4f57fc039d50708840d00961ad641

      SHA256

      757f4b62d66b75cda8f456c6ff8db8e8549028e630b41258b936a3af2b4d6c1e

      SHA512

      bf179dac956220fa5ec124c87a47902f5e35070a492edfe7383e483f501bbb032b9d9d29b406f499e04b99cb0e5e87113a8e06032aa5cb70cb0d6e2a3d507d46

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c53b38ac20fa882c2742533ca28677a

      SHA1

      39656895fdec9803e7ba927c303b62b63a2ed046

      SHA256

      8a52a244030126ba93e54c9f39a4f7d9b2440e26aaee104656dcc59e179e25b4

      SHA512

      763f916cc8f93ae91bf1a0c38b60da172db0d20f62fb5f7301c70f8dfe5030ce2aa6a9aeca1e4fb722d03d876935f4810126584962b11df0d0799c9675be2c50

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4b6542c59edb486be55cd543d0247e90

      SHA1

      39a648a6b57b95da8e6b4d0d7215f806a34c3c65

      SHA256

      e1df95f928252a7a0065c976d04a2a879eb0a52b9ec8d9fe41ecda49cd2fb655

      SHA512

      5b58c40fcb552cc242177d73bb702b2907ba0a5ba29997e83efb75cf26e125f4c9a51e10b9eed1fa81a41d3ba6bd6e2da0e2c1342a5808241913ee68e1ad3514

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5d28fc7d52a13e0aa7d506eae614976

      SHA1

      d892f92d921803b7309616ce721d58d47982a37b

      SHA256

      713867f0332a7c5f358b651f881dfe472314c1acbc3ddbe74f9a68db1bf7dad9

      SHA512

      8eaf29825cea802dba791d51228c62d7005b13ab97a7c8c2c20390ab39c386686da04e88b02ffeb0f32ca5f2456b827ee2d5fcad7badb3c8cfdc1cd220ad968b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9624b165acb0e2adfb509100bd195beb

      SHA1

      b161f7577e67c1dc40838e5f03111f1dc8d92c06

      SHA256

      1304f7a1f604ac47acbb5cfa14adf42dc14dc34a293ee9452331d7dd222591dd

      SHA512

      8053193e4bebd5186196092f7ce2a2f33650ff4c08445ad1c4a41d301ba2ba7da1ea7f263180525da69276b8293bf798d6bf46370bca92614c44f0a19579670b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      54f136b4d1c6671ad958725ecbd76378

      SHA1

      953f23692623e13c7aaa9edd9860d4d929172077

      SHA256

      9267a21405ac2b639ea376b1863e8812c8328f0ffcf6843736e7138d90e970a3

      SHA512

      9dfd52765858df089c89d6aaf52b572e1b7bf0feca3f1a1812b4ee56a85d56fc8701c86cbd0eb77ac7737e78549d4ca05b3bc2a8a18ecdb44c0df6f2afbdb866

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1242d801a2cdd9e0eac1b1efcec4a073

      SHA1

      23540788682897f92e7307e001a505fe8049b4da

      SHA256

      cb5d1b26d9c8cd967c534508efceef025a6b95d29cb4c689917d8a8a148342c8

      SHA512

      18681808c73527180685937b1ae27d353b18cfec74cf2a4b8fd401efd76ebf9affd79550b19d735e0b8394b3451c681b18059c41ddc70389eadcc547d9c91db6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a2b34c96c185634765d8ac85158644ed

      SHA1

      bdbeb247e6ec80e553ebd1c6af55f63352e521a5

      SHA256

      c68925eb1efa5c5bbe5c09c560e1e3de66511cd4a9929a52ea1378f6c9f828fa

      SHA512

      fa316fa1b33eee304f31a33d01877ec8656d61ea457c537ddddea82ee89ba09ee69e0aa940e48f8f9b94ca37f98f50e0c5b6635e85421f783b89402e2a05dfcd

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabC65E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarC722.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF791AFAEB3457340B.TMP
      Filesize

      16KB

      MD5

      883ab20cdd03baa317838de03a3ae335

      SHA1

      c766f23c513952d54779a6e6bfb1afa9eb34f343

      SHA256

      f2a19ef9ff55438c795f4b5c50f96363f2edb63f1486d7e1641d5eb0f85e2e37

      SHA512

      e77c892ba302c6d23cab8114ea312be65cec9a8724438fe8e411b5ff94fcbf391c537f8009b3e0141d539f92941c4f84a40c0964b47457eed0e1a2537ec1879a

      Download Submit
    • memory/2936-0-0x0000000000400000-0x000000000046D000-memory.dmp
      Filesize

      436KB

      Download
    • memory/2936-6-0x0000000001D70000-0x0000000001D72000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2936-2-0x0000000001BF0000-0x0000000001C0B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2936-1-0x0000000001BA0000-0x0000000001BA1000-memory.dmp
      Filesize

      4KB

      Download