Overview

overview

10

Static

static

3

2bc8cee04d...18.exe

windows7-x64

10

2bc8cee04d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2024 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bc8cee04d1268e58906da502cae5fc0_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    2bc8cee04d1268e58906da502cae5fc0

  • SHA1

    c3f9dcb9a71449913a1dfefe8f45eca41d2c1186

  • SHA256

    3665125d615fbe020d0e2eb885aea3aefaa032ed78f2b1427ff1163ef1a44780

  • SHA512

    ee198df0bbeb54d0367ee770325925765209c11aa6d7ecaca9a1b0632c0c8110b67763ff9390c43373389abbc396f15ecd3620db748863a5d8695574840f126e

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0s2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoPWGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bc8cee04d1268e58906da502cae5fc0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2bc8cee04d1268e58906da502cae5fc0_JaffaCakes118.exe"
    1⤵
      PID:1252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2432

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      892b8663ea57edcd6ab5d827234b62a0

      SHA1

      268933886103506333c4cbf4d690ce67e4e78511

      SHA256

      c601509ba84a105549d1a9c8592530a4715d02687d2ee0c8666c87096c29550b

      SHA512

      b8ca393eba633da5a0c9258e4ba0a6f5834d7e0005b34e3182d2661df7445c1bc8c4fc70842ba0d33c177bd6b954f85bc7baec5148fa2c6de2aa7fd6caafb6d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d95b266fff512851be1b8b8cffce48f9

      SHA1

      2fb824f47c4098504bbca286305af6c186702105

      SHA256

      ce9929e278ac824a572dc94b711dbcb9599252ff7cee29f4375cf146413d6d1f

      SHA512

      9ecebb92a2b406cfcdbd78412780281e47f0bf667b87fe41854e7260d7b318587415fb78024bdb22030d90f30b854882881aa1c7c84169bd726c1b2f71f0823c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b56a941a4da143e9987ffa86574e8642

      SHA1

      8c985c602ae5de47aacd3b133e66a0f60276d7a7

      SHA256

      e31a4022ec6b26f09a649d7469842b863d00c140c0e4e0f54dad4b669da030cc

      SHA512

      1fa67c00aed7654b571ed87da40f9422c91c6686fb48751e2eb5b03d4695d27477dc2392963c2fab3e66420c8b85045e76d3cdf901b56d9fc32768934b5700e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a865baba31992e56f8a5d399e3ef1493

      SHA1

      2f5217c17cb0e57a3d9b3cd2969eab5d12607832

      SHA256

      a267fff2bd95c667d0926ab2c3f24933c6b8a315c9c312c3f2480bb4de64a26c

      SHA512

      f889297653d93ebfae94cf18b5dd965841912f12610c4205d3d0c98152cbd285586bb90a09896ef74d8dfe2385f73cb329b06a6fc57cef46100464e22a357eef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8bd1e8f7364cbc561857342f93f2dbb9

      SHA1

      bc61d4aeaa7ad772bc901c0b023d1051993f43a3

      SHA256

      39f3fa40a820b0d96c7a0910344ad7a08a628672a585c2182473b6ea9dad9548

      SHA512

      47dbe1b2fd4e9e23237d6c10f5f1a7df7024387ee958708e0f9345258579dfa6d7e06ef21e2deadd9e3a0cbc91538ef5e0d74e73a03786c9277cd6d59cf4f895

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      42418568faaea54829b0bf9f1ffbd6e7

      SHA1

      00df95c25f8c8817435fbb0a26e7795b94deb54d

      SHA256

      1b349a2d4b665142a1b687fda966486f96fd016d9c00c53fb6e6746119ce2f01

      SHA512

      1c702fa7adecf0f6c3ba5601ea0d63c61b5d03576aba6b99086477f3122766d89de4a495aa8b8ab2e4c58b5790884b3e5524e2bb8a033508347a3cbe5e3bf480

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      933b91f3c417907c2f461d8cc0c7c341

      SHA1

      1ce7bd8c839b6858bf0eb24660634a556c2316ca

      SHA256

      e7ff625ba53d0e3445601649eb8a6711bfe5a2514825f764994d9a3ed04851c5

      SHA512

      eeb92541802162b45f5a5321122f02b247038edf12ccc6b452237d8263311724b6d6703a220725ad808fde9a39569f2fbc16b212036c1f2aee5ce91eddf80273

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0627723965497da77e7cad331cc5d012

      SHA1

      1b2375acf142d57d80f070ebfcba6df9f7b267a2

      SHA256

      e924904b8bb597946a1d75e5939b9acca4067e20b47a67266c2273b9149330c9

      SHA512

      b7e3f4b1a0c02c1d3f47b3582856aca4a14f1cf5caa9525c5a9094379093b498cba024a959927b1af3340a9dffc6df1534b8e014fb771e64eca04538c1595d3e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      076dc86aa66bfecdc15ba58008b71467

      SHA1

      ebb9c6ac5e1e29765ce964e2df5318b5744a1a64

      SHA256

      f4b9c692f224d29241aad14178dff99496015409605c27d8c0358018442ff9ac

      SHA512

      95c89b4641a62d2e30383da130e63318a845c03db21a60f01b249f051e3bcfb5511a6f930d665eb22aa281aac77ee38d946d8efe5a07ea432367f77954014b81

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1641.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab172E.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar17CF.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/1252-0-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1252-7-0x0000000000360000-0x0000000000362000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1252-3-0x0000000000260000-0x000000000027B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1252-2-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1252-1-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download