General

  • Target

    22d90575e4e680655d302d6ebd2a49ab_JaffaCakes118

  • Size

    162KB

  • Sample

    240508-c6hyeaee3t

  • MD5

    22d90575e4e680655d302d6ebd2a49ab

  • SHA1

    6f588e23735f86cc99062470c0d5058fe1b618e3

  • SHA256

    8352a3180f814baee9e9173705b89034adb32e3b3405ae582b77d73b8e6ce6e8

  • SHA512

    4c611fb80e5dbdf88399db350cb685e350538060d33bfc39d0e0be44f26e49825e52ab4ba5dbdae30e1f327e3995772a377b0c685c7d71c9f3c89fcec13cd336

  • SSDEEP

    3072:6CvWuLsdylHCgyiavLlAJY9LMMuZ5PFIJV:6fuAQzyZvLlhlMnD9

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214107

Extracted

Family

gozi

Botnet

3529

C2

gmail.com

google.com

nfyuabel.com

rwoodrowyioay.com

gqx21mcou.com

Attributes
  • build

    214107

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
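
The dga_* attributes above parameterize a word-list DGA: the loader fetches the text at dga_base_url, turns it into a word list, seeds a generator from the current date (rotating every dga_season days) mixed with dga_crc, and glues words into labels under the dga_tlds. The example below is added here to show how those four values work together for a defender who wants to pre-compute a blocklist window; it is not the sample's code and not Gozi's real algorithm (the seeding and PRNG are stand-ins, and the word source is a constructed excerpt so nothing is fetched). Note also that gmail.com and google.com in the C2 list are legitimate domains; Gozi configs commonly carry such hosts for connectivity checks, so they should not be blocklisted alongside the actual C2 entries.

```python
import re
import zlib
from datetime import date

# Values taken from the extracted config above.
CONFIG = {
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_crc": 0x4EB7D2CA,
    "dga_season": 10,          # days a generated set stays valid (assumed meaning)
    "dga_tlds": ["com", "ru", "org"],
}

# Constructed stand-in for the text the loader would fetch from dga_base_url;
# this example never touches the network.
WORD_SOURCE = """When in the Course of human events it becomes necessary for one people
to dissolve the political bands which have connected them with another and to assume
among the powers of the earth the separate and equal station to which the Laws of Nature
and of Nature's God entitle them a decent respect to the opinions of mankind requires
that they should declare the causes which impel them to the separation"""


def word_list(text):
    """Alphabetic words of 3+ letters, lower-cased, in document order."""
    return [w.lower() for w in re.findall(r"[A-Za-z]+", text) if len(w) >= 3]


def season_index(iso_day, season_days=CONFIG["dga_season"]):
    """Period counter: every domain set lives for season_days, then rotates."""
    return date.fromisoformat(iso_day).toordinal() // season_days


def seed_for(iso_day, cfg=CONFIG):
    """Illustrative seed (not Gozi's): CRC32 of the period counter XOR dga_crc."""
    idx = season_index(iso_day, cfg["dga_season"])
    return zlib.crc32(idx.to_bytes(4, "little")) ^ cfg["dga_crc"]


class Lcg:
    """32-bit linear congruential generator (Numerical Recipes constants)."""

    def __init__(self, seed):
        self.state = seed & 0xFFFFFFFF

    def next(self):
        self.state = (1664525 * self.state + 1013904223) & 0xFFFFFFFF
        return self.state


def generate(iso_day, cfg=CONFIG, words=None, count=5, min_len=12, max_len=24):
    """Domains for the period containing iso_day: glue PRNG-chosen words
    until the label reaches min_len, cap at max_len, then pick a TLD."""
    words = words if words is not None else word_list(WORD_SOURCE)
    rng = Lcg(seed_for(iso_day, cfg))
    domains = []
    for _ in range(count):
        label = ""
        while len(label) < min_len:
            label += words[rng.next() % len(words)]
        label = label[:max_len]
        tld = cfg["dga_tlds"][rng.next() % len(cfg["dga_tlds"])]
        domains.append(f"{label}.{tld}")
    return domains


def blocklist_for_window(start_iso, days, cfg=CONFIG):
    """Union of domains for every period overlapping [start, start+days):
    what a defender would push to DNS RPZ ahead of the rotation."""
    start = date.fromisoformat(start_iso)
    seen, out = set(), []
    for offset in range(days):
        day = date.fromordinal(start.toordinal() + offset).isoformat()
        for dom in generate(day, cfg):
            if dom not in seen:
                seen.add(dom)
                out.append(dom)
    return out


if __name__ == "__main__":
    # 20 days from the sample's submission date spans at least two seasons.
    for dom in blocklist_for_window("2024-05-08", 20):
        print(dom)
```

Because the generated set only changes at a season boundary, a blocklist built once per dga_season window (plus the next window) covers every domain the loader can produce from this config; with the real algorithm in place of the stand-in seeding, the same window logic applies.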

Targets

    • Target

      22d90575e4e680655d302d6ebd2a49ab_JaffaCakes118

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; the configuration extracted from this sample marks it as a loader build (exe_type: loader, build 214107, botnet 3529).

MITRE ATT&CK Enterprise v15

Tasks