Overview

overview

10

Static

static

3

24f28964bb...18.exe

windows7-x64

10

24f28964bb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24f28964bb55fcf073b01f13ff9d6581_JaffaCakes118.exe

  • Size

    376KB

  • MD5

    24f28964bb55fcf073b01f13ff9d6581

  • SHA1

    c828f050684f67ebbdcda83e7b32e3bcfd4af28b

  • SHA256

    4361889f755b6192caa5cc8418fe25addcb3a742cddd9355851965aa656f7d91

  • SHA512

    db48c523215b97e8db11424639f4250fbc0d60461e12713eeeff3abae931e172f8fe8350e7566683a4945d526daef9c4f528522fba346e4e8fffb484ad818763

  • SSDEEP

    6144:tFqTpMmb37r+TiZNAqMRQzRZZxKxMFihFAziDQuLNMEC:t0NDmoNAF0RZZxKGIFAziDQuLN

Score
10/10
gozi3193bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3193

C2

fy76qn.email

dst1894.com

w40shailie.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24f28964bb55fcf073b01f13ff9d6581_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\24f28964bb55fcf073b01f13ff9d6581_JaffaCakes118.exe"
    1⤵
      PID:2144
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2420
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2156
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1420

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1ba8fa58102f1409502239031b3aa9a1

      SHA1

      39e13b7bcbe0265556decdacf380dd7874b13800

      SHA256

      d755d41018aa699e008d3f42789d197f2de8d5dc1b8e0cea8025d2066c034142

      SHA512

      e076eb1cb3b74574841f27bdc097aab57c3a63b90c88e99c2efa9f2527f4d5199034bdb18d9d2c76c974b671fd967fdaa112132d5e638516f735fe0aeda5d160

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      97cd19910ab68f551120086c902890b0

      SHA1

      0865af29d7c93a2de81ad972ac364bf992d35e7b

      SHA256

      985156dc8e49b02d05b27ffb252024b676bc3b94a3768a9f11d2d250ad77f49f

      SHA512

      6f97241917b19a7062d346c1d3bd796f12c7ce249b147a9556e04e94b3753c8a7c09669acd5e6a22c4da0a29ad0bcabfbe973da5093044c67bc6ca5d6217d3a5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      59940b6e0a746efa8ddf04f90557a298

      SHA1

      fccdfc27560bc09b75eec2f9af8afa526f19606e

      SHA256

      5c2ff064eef0fd474682834f31b354c8d6ee5f424b03bf5bad1e0c03e10898a4

      SHA512

      ff0e5260e7c92cd16af571dd6cb85e435ebe576ddebc94128176d8a92dee4be45ceb2811c525eaf8490b735fee1e790f3e7acd80378e45b1d04871131bd98e99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      480a4f73decce9765913f9adde2714c8

      SHA1

      88686de510efa3fed74dd91f190174ec4c96756e

      SHA256

      69d4c48f9eb99df042d2fee0c841bcd1f05107d64a4c772096f85cddedb49849

      SHA512

      39cdd00be9475fac668648a1105cd47139cd8b9fcb6004eb8a1a7a11abc66ff9ca79b44ebe1d03c5dbbe484e830ba61ccef53d47529cfd391a87936bb10644bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e463d65dadf4f3a9a7c2122ced699df2

      SHA1

      7396e20e0c27eda64d784f37e45e42c8d35ad9a4

      SHA256

      bc936680ea170d7c207bfa057cea6bbfa164b9f59b1bec6aa78f3805f6bfcd87

      SHA512

      1c8a881cb111cf8f22a8e3af5fcfbd3c63936c3297bfd363ffc5320728ed6504433ddd0ca48044179bd374f1245d99f9744d4bb81dbbc6543190e241ad2024ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d6eb2473f2ca18d055da100df6b33772

      SHA1

      0d7241ffbc6cc0626a41869e31c28569b7efde0d

      SHA256

      32f189ea2707c7b7677f1981110659301c8c078a5c1dd3f929b27f27266ecdc4

      SHA512

      a3817a6cbe68e4a906089b7347fa4676fbc43e2c64e0a666627d62e072604d67cfcc9b77db579b2fd01f0d9a7b54015a5ee047349adc9f32df1e9a96404f5460

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      82fe63b37d016ffa16d93675012e8a51

      SHA1

      cae887b8e1d5a09e36d07f823e62f7a2de2ea4dd

      SHA256

      7092d6938f830b894ceafbc97ac757b26f92c002f57b07751f0a1e5592de310c

      SHA512

      7218ceefe060c588cf51a0f64650ef80e1f80434aa0727f5af36d958db5710a3a10ab3fb8f772dcba988051410603de50a5dac415a07d1092f55d6a2d8c09de1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c04e28c5a4486ef80f2a1391ddda7063

      SHA1

      08df2de4c104af52913b89ef463bb668fb736e4d

      SHA256

      30cbaac689701a046de3a5439d6efe6e071603e2c47e8ea50d13e6a128ddb818

      SHA512

      781711b24fdb0f99222b39ff47f9500bec7365e6eb6ff10d51f88276b8f790e5056b812ed124fc8ad7ff69f6e1817f5d7c2b58eacdcba438c016b9107746434f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67f72c68df1fd28a08aac7d4cab35f72

      SHA1

      af5ccd5a1771be960561dfdb202709f51dd82fef

      SHA256

      48adf30b8fb64c7e4b0d8f30b240f45fe589811b3858a2e3511cdf4568b86bd3

      SHA512

      d12df9829df21f799d53a2ca79382b038ee5913c5caf80edda2682191d239adace09b949d4d9758feca035a217083f4e3ee000736312abea61fb223c83127ccc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB82A.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabB8F8.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarB90F.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF9E7A540B8341D10C.TMP
      Filesize

      16KB

      MD5

      f56c232eae1a284749128b42db00036e

      SHA1

      dc15d31c5f359cac1333aae664412097c6300b7f

      SHA256

      29ea115f26044c550dc7b89574698efa588b7fea1abb0d3700b923a9cd8bfdee

      SHA512

      ce8df38c42c76587f32c6bb22fb74b5ff28d2cd18cefd98470e79e4123fce59b8d15c042101e30ff1835e85da50c83947e0002127381de4937a62d4de16b0d29

      Download Submit

    • memory/2144-0-0x0000000000880000-0x00000000008E7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2144-7-0x00000000002A0000-0x00000000002A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2144-3-0x0000000000270000-0x000000000028B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2144-1-0x0000000000880000-0x00000000008E7000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2144-2-0x0000000000130000-0x0000000000131000-memory.dmp

      Filesize

      4KB

      Download