Overview

overview

10

Static

static

3

2e79e2372b...18.exe

windows7-x64

10

2e79e2372b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e79e2372b2a6f8f1fc3cc91a256bad9_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    2e79e2372b2a6f8f1fc3cc91a256bad9

  • SHA1

    5618e603826edfe9fff68b5f91e7430198a17a5e

  • SHA256

    01bd969e50eea03c1912cb515e547b98e353b93c8ce4e2925b706a997b38697a

  • SHA512

    5c1422ae1d54fa367f246160de2b86873f06ec1166b29a5426ed11f20154a20d54825baad248f098fceaaf06ec210a104c228696a81d0ec7bcafaafb1c1860a8

  • SSDEEP

    3072:9hji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Vdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e79e2372b2a6f8f1fc3cc91a256bad9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2e79e2372b2a6f8f1fc3cc91a256bad9_JaffaCakes118.exe"
    1⤵
      PID:2240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2368

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03c53b6b961fcc7b36c712509598b812

      SHA1

      3a5e3b0d7420fb3ffa8931c7dcf89118eb53cb22

      SHA256

      fe796af89b9c2cfa02fc870e38da8991f42580ed8775c003c46c3b7ac4f14ae9

      SHA512

      d3962f10ccfcb972bccced2fd309c2ebf75b3f720ea85709c956f718d5fe352cdad85be3f60493598877dcc393563ebcd7cddd765310551e32d0ae5f9f8c66b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      553019c76f24e59b8ed2929ff6105667

      SHA1

      428fce327ec70542530cd36d1914bd0fd10a499d

      SHA256

      d381023b8864490c71740a4b56f8794fbe0848b2bfba6ad6cdb3725120af9e13

      SHA512

      7dc9a707a50fb2fba03af91af762409384de8327ce7960bdfab50042f349de86eb776bb9a7a95ce3f728400325d1fc3ffd0ba004591d28fa25af1e2698322b11

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      063430158ee52ef1ae209d9cd6b78a3b

      SHA1

      58aebcfac09ccb3ac46cad07d4337b6b6cc5df50

      SHA256

      225b0b58f54913359ac3c6e17e3ae6ec3524a047be1022173a97223247ed0af1

      SHA512

      1689240445137da33a97cd1ddacbf6d14b77416e50c77cfe8b756841b713052f77d7a597112aba9c5f7b41c56cb527ab4dd1a33e75251c8fc4d84d1721136a6a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2151064ac8c13ed920d2d8447ac5d561

      SHA1

      9682a90119bad84fe0acd4f505f76a93e4b8b6d9

      SHA256

      89ffd80dd65c3757d49cda2d60780caf5b347ff350a543094102c8bd894cf0a1

      SHA512

      26ab14d70b3fd586d0f61e3b1f70bbb64b1707f4f79961d2acfcf105be656c3a0139776a090fc4790f6d1cd206881775b59d315b682b056406f21955fabfcfe0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      863ba5b9a8046e91d761a312d0c90e73

      SHA1

      538f2c02a398af7812bb78307ebb540c305a7abf

      SHA256

      af675a6484b4a16ed1e2eb0a1b128ed9296141874c4b4ab2cd56eadc9720786b

      SHA512

      ce2fecc6b6e29885a419e1efa82ea6ad37f9524d855d6a0ab3234e5d2abddef4f4fa04fc91c9c8dbea91a534f61b00e8548889d0bcd050ccd26a5c4182f63baa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      32d618d3e3aa44d26bc3fcf84ba07435

      SHA1

      13941f3c9f5a5a9d3ded722bbf922a499d7e3105

      SHA256

      087da30d3b492a3ee180e92b6337a3a65ec19cd1f866a857f53a80dbd7407aed

      SHA512

      cf2b2d1e252fb58b5dd52f05311ffaad9ded89fa05db44aa1fbd25fbcef26e359cb25200beb8ae52d79c117424818c1ef294f128ca0fe5efc507d6cb13cb48d2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      27159de347fc66864b0fb1616aa0ab3a

      SHA1

      65416e58132caefa0ebcd132bc1c9006ea5981f6

      SHA256

      aa64480acbbb43cbea39278986769008a5d9353cc48fcf94785a3f2114b646a2

      SHA512

      caa513a9f191c25dd67a4ad7cf11f6e79d1e4ca3e54dde394e2b565b36d5011d7341a77920256bcd4a8bbad2c2824adf9bc689c621ba895f82fc58e43f66492a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      739ebf6803be2cea53fefd1ac8aa8205

      SHA1

      794d75dcd812c9347816021792f3d226113182b3

      SHA256

      34126fd190d9500a98f597e01a704954280ba68e412a385ce0dbadf3cb01287c

      SHA512

      f96b23e5dc56cbe913654a284d1f4454d36f6f9f57d33897f05ec765b57b0cce36c3f744f054fae851f3b0e5acb246edde84cb87e4330c37c01c4b6975befc6f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8E5C.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8E5F.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8F01.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/2240-0-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2240-1-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2240-3-0x0000000000270000-0x000000000028B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2240-2-0x0000000000435000-0x000000000043A000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2240-18-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/2240-7-0x00000000003A0000-0x00000000003A2000-memory.dmp

      Filesize

      8KB

      Download