General

  • Target

    259eefe10f39b192d668e28b58095057_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240508-tfxgjscd7w

  • MD5

    259eefe10f39b192d668e28b58095057

  • SHA1

    2c2b0f25b3cb610f11e2f124410ad20cdc60804f

  • SHA256

    c61185fb3a44086c4a8e3002359c65af346487bc19193d1880c1bc1294903ace

  • SHA512

    4bcea8398f19be2dc716735aeedfd9a1687fb2b02029c4339944e2cdb4a68bbd36d0b7dafac4545a1dc9a3d9d6850a7c121f284af9630a7b32b4ef663e13d2e9

  • SSDEEP

    49152:N6SUCSqlZ/c47o59neuLAgncoBDE04BhbHBz0SPbN687d/XtA9SsIWDulSA5:5UPqlZ04s59eu3nFBDE5OSPbN68XA9Sh

Malware Config

Extracted

Family

gozi

Botnet

3320

C2

vzquiarisb.com

ghousydni.com

z2814jjoa.info

Attributes
  • build

    217173

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
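The extracted config above is only useful once it is turned into something an analyst can run against telemetry. The following Python script is an added example, not Triage's code and not anything recovered from the sample: it embeds the configuration values from this report, parses a few constructed DNS log lines, and applies three checks. Exact or subdomain matches against the three C2 domains are a strong hit. A burst of NXDOMAIN answers on the configured DGA TLDs (com, ru, org) is a heuristic assumption about how the DGA shows up on the wire and is not a re-implementation of the Gozi DGA; dga_season and dga_crc are carried along but deliberately not interpreted. Resolution of the dga_base_url host is the weakest signal, because constitution.org is a legitimate site, so it is only reported alongside the other two. The log format, hostnames and query names are all constructed for the example.

```python
"""Triage helpers for the Gozi loader config extracted above.

Added example (not Triage's code, not code from the sample). It embeds the
extracted config, parses constructed DNS log lines and flags C2 contacts,
NXDOMAIN bursts on the DGA TLDs, and lookups of the DGA seed host.
"""
from collections import defaultdict

# Values copied from the extracted config on this page.
CONFIG = {
    "family": "gozi",
    "botnet": "3320",
    "build": "217173",
    "server_id": "12",
    "exe_type": "loader",
    "c2": ["vzquiarisb.com", "ghousydni.com", "z2814jjoa.info"],
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_crc": 0x4EB7D2CA,   # kept for reference; not interpreted here
    "dga_season": 10,        # kept for reference; not interpreted here
    "dga_tlds": ["com", "ru", "org"],
}

# Constructed sample DNS log: "<timestamp> <host> <query> <rcode>".
# Hostnames and query names are invented for the example.
SAMPLE_DNS_LOG = """\
2024-05-08T14:30:01Z ws-0117 ghousydni.com NOERROR
2024-05-08T14:30:02Z ws-0117 constitution.org NOERROR
2024-05-08T14:31:10Z ws-0117 unalienablerights.ru NXDOMAIN
2024-05-08T14:31:11Z ws-0117 pursuitofhappiness.com NXDOMAIN
2024-05-08T14:31:12Z ws-0117 governmentsinstituted.org NXDOMAIN
2024-05-08T14:31:13Z ws-0117 consentofthegoverned.ru NXDOMAIN
2024-05-08T14:31:20Z ws-0117 example.com NOERROR
2024-05-08T14:32:00Z ws-0042 example.org NOERROR
2024-05-08T14:32:05Z ws-0042 typo.net NXDOMAIN
2024-05-08T14:32:06Z ws-0042 stale.com NXDOMAIN
"""


def parse_dns_log(text):
    """Parse the constructed log format into dicts; trailing dots are stripped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, qname, rcode = line.split()
        records.append({"ts": ts, "host": host,
                        "qname": qname.lower().rstrip("."), "rcode": rcode})
    return records


def c2_hits(records, config):
    """Exact or subdomain matches against the extracted C2 list (strong signal)."""
    c2 = {d.lower() for d in config["c2"]}
    hits = []
    for r in records:
        name = r["qname"]
        if name in c2 or any(name.endswith("." + d) for d in c2):
            hits.append((r["host"], name))
    return hits


def dga_suspects(records, config, threshold=3):
    """Hosts with at least `threshold` NXDOMAIN answers on the configured DGA TLDs.

    Heuristic assumption: a DGA client walks many unregistered names before it
    finds a live one. The threshold is arbitrary and should be tuned per network.
    """
    tlds = set(config["dga_tlds"])
    counts = defaultdict(int)
    for r in records:
        if r["rcode"] == "NXDOMAIN" and r["qname"].rsplit(".", 1)[-1] in tlds:
            counts[r["host"]] += 1
    return {h: n for h, n in counts.items() if n >= threshold}


def seed_host_lookups(records, config):
    """Hosts that resolved the dga_base_url host (weak signal on its own)."""
    seed_host = config["dga_base_url"].split("/", 1)[0].lower()
    return sorted({r["host"] for r in records if r["qname"] == seed_host})


def triage(log_text, config=CONFIG):
    """Run all three checks and return a per-host summary."""
    records = parse_dns_log(log_text)
    summary = defaultdict(dict)
    for host, name in c2_hits(records, config):
        summary[host].setdefault("c2", []).append(name)
    for host, n in dga_suspects(records, config).items():
        summary[host]["nxdomain_on_dga_tlds"] = n
    for host in seed_host_lookups(records, config):
        summary[host]["seed_host_lookup"] = True
    return dict(summary)


if __name__ == "__main__":
    for host, findings in triage(SAMPLE_DNS_LOG).items():
        print(host, findings)
```

In the constructed log only ws-0117 trips all three checks; ws-0042 has two NXDOMAINs, one of them on a TLD outside the DGA set, and stays below the threshold. Against real resolver logs the C2 match should page on its own, while the NXDOMAIN and seed-host findings are better treated as enrichment that raises the priority of a host that already has a stronger signal.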

Targets

    • Target

      259eefe10f39b192d668e28b58095057_JaffaCakes118

    • Size

      1.9MB

    • MD5

      259eefe10f39b192d668e28b58095057

    • SHA1

      2c2b0f25b3cb610f11e2f124410ad20cdc60804f

    • SHA256

      c61185fb3a44086c4a8e3002359c65af346487bc19193d1880c1bc1294903ace

    • SHA512

      4bcea8398f19be2dc716735aeedfd9a1687fb2b02029c4339944e2cdb4a68bbd36d0b7dafac4545a1dc9a3d9d6850a7c121f284af9630a7b32b4ef663e13d2e9

    • SSDEEP

      49152:N6SUCSqlZ/c47o59neuLAgncoBDE04BhbHBz0SPbN687d/XtA9SsIWDulSA5:5UPqlZ04s59eu3nFBDE5OSPbN68XA9Sh

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a long-running, widely distributed banking trojan; the extracted config marks this sample as a loader build.

MITRE ATT&CK Enterprise v15