Overview

overview

10

Static

static

3

2edc559732...18.exe

windows7-x64

10

2edc559732...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2edc559732a0e9e45fe8ca0121e2787e_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    2edc559732a0e9e45fe8ca0121e2787e

  • SHA1

    f38cb4897c111065ff830df36921ebadb3f0ad31

  • SHA256

    e4de14ee872b74e8d8a9c505eed50055842ac748d7d97fa7bf6c0898e7136d50

  • SHA512

    4fee361658d28068c7f5b90b476732f294b5bf6305f6450d76f91734df9a77702a0ba52a8cff0ee7ec8b3e1b4bde96fba40c6d4fcd60a92ed7d82cd70c4b1224

  • SSDEEP

    6144:/VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:/VfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2edc559732a0e9e45fe8ca0121e2787e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2edc559732a0e9e45fe8ca0121e2787e_JaffaCakes118.exe"
    1⤵
      PID:1252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2552

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b1e78457d7ea5bc8a2662e8eb402087c

      SHA1

      6c6c2e511f4893ff2aa0a0e6439cd973c8638b8b

      SHA256

      913402044ba7da5316cd14352f0ec69c46e0c05ab2589f75bf031c6887f4b059

      SHA512

      0b3faf60752a4c9fd696c61d59fe243190bab2407153f08bf98f0c4e1bc170513909ecab5851eb3ec8f3fb0abf10047a0edf6bbb7816bcfa2df74839af4a3060

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e57635890601f2f471fb0997caef659

      SHA1

      67969bebc5a9d374d0e63fa54f4325ff1fae5bcb

      SHA256

      b5e8b979805e00a53f13dfe11b7e05ee061299673fef80f01563506e7a665867

      SHA512

      57fd483292038330879584ba05765cb634e61e11ff506756cacaafd5d62bd546ba73b4fe51c09e3d44cff6bd3f9a48de2e150b57a0eca21ebdbe8029fe2bf655

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      93dc6c1a0ccf4d2ef027215e3d3b12b3

      SHA1

      02e7df512f7c5f24f96ccc8b9bc5a3dc64bfb017

      SHA256

      74260638ecdc6089cb9336b7c1752df87932e073e8df29cd9b634afe70b61079

      SHA512

      226c4785b620ab130d4e06d3d72c4e3857ce1279f2de1418193546f67a14d55ff7e9538857520eb8ef1769dcd15499b6b74bcac11be30809589cef7cad28cbc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a81846e560e2e13093941ad71de3ebb4

      SHA1

      5c80674c3fb1325d31c6a5b0724b95ca747412dd

      SHA256

      f6eb2123deb2beeeea6a4b1a8b4acab17fcdebd6a852dd6fafb0d835edc83ce7

      SHA512

      401f051b4fb40532471cc89ce009f3df2e02d83a01fec2c4d620876852e6e26a65d0ed7d076b6d8e1a8576258f00c589363b05620425e9c3b9e3041cd9c5a6cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6f662f73a45433a442e76316850cedf9

      SHA1

      69967a92788afb623ccb500d45d0710ee59258fd

      SHA256

      f1c5ba217438226b5b34c083e7a57f2316cf815743ca6ac080b8c45f55002c41

      SHA512

      8f67dd7e75a8d44a33b95eb00a2d72c6d00ffca88f44a4ff2133b21319163c872e676bc10595a0017d381b3f71ece79b8f80e3ae74a8dd272d4ec6a6c2d64670

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      38e68f772e78e6aca55c6a9f926a04dc

      SHA1

      7f468bd757c8d3f40639786664d970b25051f70a

      SHA256

      47017fcd670e4ba28129fac8c5a5375990eadd277b5b8dc7b6662d1f5910ee11

      SHA512

      2d4928b29e9458836bac97b8204b93225dc7fdc09808e6cb78787e7a32ce639353f13a3bd5c6e763f6390fe020f65cceba30fbbf0b292dd993e84e06c8d860ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f0e2f02792653144aff34bea24fd5e33

      SHA1

      a6fa50927fc9d5a472a4c7386bcbb76fdbafb88c

      SHA256

      21997b53a49d7f7d8de971bb23cc12c91d72c471d7046621a0055f99f6cabea2

      SHA512

      3aa8cdb12a5cfeffbafe691b6d19120512ac374b7cbe10b3225371f1257dc48108e23e915700f651c2c8199397b2a6d639360f9bdf4c9321cfcbb1815f445ea8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ea3d589fc5e866b97f1e634774269d01

      SHA1

      095b3ba147499f76cafe5ef4df37f3fe997fffda

      SHA256

      1b1d2bd390abf6f0d3f62f38c638ca86c756cf47c94b58ce69c42461a137b3ac

      SHA512

      3b5b647d78be761d9d31cea31effd718aef5d6ece0d39d81c39fe23f9dcc488037494c4f5a946b3718824475662f75cd23525398a58bff97552c7b8f13a73f0a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7ba808081cc6cdef69bc315e73f9dc11

      SHA1

      4a9c880476696a2531dc0d8d82382d4283784352

      SHA256

      fa87a55e4fe9ed693d1e19c657e7327dcd10d4eece6e2d3076699223b87016eb

      SHA512

      4528d681512551842fc96b854809b3a261ee49841b8c39caa26c7a32db02c44f46da1b40250926fbd205847cfb13f2ecc8e5f161a7f860e30430c2c352facf42

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab32.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabF0.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar133.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/1252-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1252-6-0x0000000000160000-0x0000000000162000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1252-2-0x0000000000120000-0x000000000013B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1252-1-0x0000000001340000-0x0000000001393000-memory.dmp

      Filesize

      332KB

      Download