Overview

overview

10

Static

static

3

2ad9ac02dd...18.exe

windows7-x64

10

2ad9ac02dd...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2024 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ad9ac02ddbd161671b8f49d07d4a029_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    2ad9ac02ddbd161671b8f49d07d4a029

  • SHA1

    4771302dd9f46ecce1cd6f8b8fa6e489c38f858e

  • SHA256

    62def0e10623e269ef0b5e4e02dad924498747ae3213269ee21d505fd19c44fc

  • SHA512

    1df7a8d4d0488f3864eb62785f0cf5ea6dd45a0dcdc6a16def09ca681d1701e64ba668a907a1c2b7bcae5cea1956e05d464b2d06204c1f31b98cbbdabca6f61d

  • SSDEEP

    3072:9/ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Ddp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ad9ac02ddbd161671b8f49d07d4a029_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ad9ac02ddbd161671b8f49d07d4a029_JaffaCakes118.exe"
    1⤵
      PID:2864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2484

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4c5871f39bd142a95b0073a55ea03e33

      SHA1

      fdc21c61d6830ff30966f99e27186525a84c9966

      SHA256

      670a60c2dee2e986c80a2ece596ffe4634a2ea3c48788c9693230e03b0ee9176

      SHA512

      b26df51224e05248616d9875ef8408aacf8a87f02d9dbc394b05fe5961c946aab7a7941b04798843e3d58b1090ef4c9d0395767e89883d7243997f4a27df6dd1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cb930afd88d204b33451de3274c56b88

      SHA1

      ac0208aa2349308b85abd84d89d3063842b7fd43

      SHA256

      74e8108539cc1f2164416d2da7b5b80d05b4253228b92a0b4e91df8360469b4d

      SHA512

      4d652c5bf07ba085410fef807f920e0d269e233d17e4e3816cf6fe41ec42936987be3e205d93e1e73a1d89fb8dfe581fa9bc4115fccf89ea15f0e1feb59d73be

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2cc00c75184910d97d6236287def091c

      SHA1

      fba3dd5736eb289163a77672a56bcc6168518335

      SHA256

      bd038617e14e615d92bc72d5d4b4adc22e9834deb3aa785d5a8efc2576d28e79

      SHA512

      a6bf7605999ff009359b3d02cf8b4e4d89f665a287ff26106c62b747381e3412786367a8eb8346640268cdd00c434f27535666bd000cfc71ec9bdb5baa9bfa72

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      04881079c511e5f1dfc25b88202f16be

      SHA1

      25bd7eda97db19caa9bc9fcd4f1a30ce9950d739

      SHA256

      09d47b167a94b3d466f364dbcd773835859f6de318370a9fa4ca1ddf63cc8fe8

      SHA512

      84701fec392739fe3f671f8e27793699cecd6cf356f0a3f3678826a03adcc2b8654a155ed0487713d7234ac441169780a5f69b36e549add36dd358399b9849bd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39cc38bea2e048588b7b786189bc93d1

      SHA1

      0d887969567a0586cd8232cd53755ae79edab0f5

      SHA256

      a43438db170747544dea4b4cb85821c511206a3444dc87c658124e54fc4758bb

      SHA512

      ce5a2e26c0146bbd39a4c0a478d8a2462699f9f613b5e6fde8175714438f0e7f978e5f1ef5fa64b3be6e0a54e83ec3867831f47fe75180ac4e7260f3ddfcd1ea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2acfbb80ab737857f94147f8121b00ce

      SHA1

      01c0f7884797f6c719ff5c08aba98ffa3bf18287

      SHA256

      2367da6f462fa0b47f2c98ccda6c29616ad2e3b3d1fdc2a651d822003b400745

      SHA512

      ce95c7b67b25136455653d4436fb032438c2ef0a891287acca1d2ebb846591c438e1e1aa1773e08b5b1d1381cc84dcea537e56b08fc3a65d85b6c06b506139f2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d729933769f33afba370c6b75c01c70

      SHA1

      45f88e177cefccbd29f8ea056799c785d013c744

      SHA256

      8e752b6f4e961b179dedce946ad3a9f68d75bb567bdfce691d3dba21964b5806

      SHA512

      0ea56d729455e8cd6353d0b034a4f13f52d8c3786b17265b839dde0deaa1402ed609450199c59df17fa321b3c4e554061a7787e54a12e5d92cbeab93f3bd23bd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4f911dc03d71153fa7333cf1084ab9fd

      SHA1

      37094332e40a7c96b5ea67a7531362854c72306b

      SHA256

      72e04e882e936a1edce5ac3073cb0e619b124e08acac9929abb2ae3f40c27d28

      SHA512

      548fe089b5dfd06ff2fc939a3e2802eb5a43cc3e83492c68a40e1fb07329d865db57866fede208b88f279f05bc3d502f3cdf393615804b87012e72624b0f0e9a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      73a2f2abb28973e7d19c032cc5bf2739

      SHA1

      80d49bd480da6d70b3febe27d41d574e9cf28840

      SHA256

      28b427aefb5e0a2805cc29a3721dea1eaec00f0493aea49013a7d17139e6fd06

      SHA512

      49655be00f39a5830cd76a7c26bd018710f681c694e3e6d2572bf95f6845fe3ffd16981e459f9c04ecdbad3e40481b2e5b435c9f75a56dc3699813f4dc0539b0

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab93D8.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9497.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar93DB.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar94AB.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2864-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2864-13-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2864-8-0x00000000003C0000-0x00000000003C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2864-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2864-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2864-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2864-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download