Overview

overview

10

Static

static

3

1d87724956...18.exe

windows7-x64

10

1d87724956...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d877249565093330b75714962f4b005_JaffaCakes118

  • Size

    648KB

  • Sample

    240506-vqkfeaee57

  • MD5

    1d877249565093330b75714962f4b005

  • SHA1

    974be85fbfae8d40cc8a43b2f8e55006b7584c37

  • SHA256

    9c989f83eb76db80c9b4fb1b2bea859a1b3d0e4a9af4be4327586768d36b9522

  • SHA512

    b6cde3cc15cb94b3ac4095866e1ee1ba735ca222040133de7b4fbff867320efafd1cdbe4c80bb4f0917355619e962949948eb81a2f8cb9d1cc86f55be60456dc

  • SSDEEP

    6144:Q5mTEpUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEp3kEDnQdM9rEju0TH4l

Score
10/10
gozi3189bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      1d877249565093330b75714962f4b005_JaffaCakes118

    • Size

      648KB

    • MD5

      1d877249565093330b75714962f4b005

    • SHA1

      974be85fbfae8d40cc8a43b2f8e55006b7584c37

    • SHA256

      9c989f83eb76db80c9b4fb1b2bea859a1b3d0e4a9af4be4327586768d36b9522

    • SHA512

      b6cde3cc15cb94b3ac4095866e1ee1ba735ca222040133de7b4fbff867320efafd1cdbe4c80bb4f0917355619e962949948eb81a2f8cb9d1cc86f55be60456dc

    • SSDEEP

      6144:Q5mTEpUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEp3kEDnQdM9rEju0TH4l

    Score
    10/10
    gozi3189bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks