Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 21:15

General

  • Target

    3113b5d5384728960a57437431bb30a1_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    3113b5d5384728960a57437431bb30a1

  • SHA1

    ad8178a89f508ba3feac05f092b39a4f55705852

  • SHA256

    dc1daf2720d27e22b403a5ab6a7e233b048ee4640739f67fb6dd53adfcdb56db

  • SHA512

    52d5fbd3241ef0749e2d79cbea6083fe5f114b82da5059737e5b198912e55397b55ae989fbeaf215344dbe00b90498ad1208a0891ede080fa8b464ab9d980990

  • SSDEEP

    6144:/VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:/VfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3113b5d5384728960a57437431bb30a1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3113b5d5384728960a57437431bb30a1_JaffaCakes118.exe"
    1⤵
      PID:2028
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      27fd83bae1ec5f56e3c40bc84a2b60e1

      SHA1

      cf333f02a6c7b234268719b3d32fe51eaaa72a59

      SHA256

      869799a7eb6cc3b81e859c37de998dbe509836283ab718c81ab0ba6ba92746ca

      SHA512

      473a290563b65574ca06f32e3a4c1401d8b7da76105f3840eb73bb8207e166dc6d2decb392bf9a81673ce9ed15f6f24ac6ef1b98f2241874c619da7d648d0b31

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      def31f0def8eb75d37d588309f5a54a0

      SHA1

      e38947a4207bfb5f9280b2cc36e6b81c240dd34f

      SHA256

      3729ef53d508af2c68733a8a8fbadc21d73c7a7505558b298b80eb2ee37c6816

      SHA512

      515d475c9597387805a849f8c5ab28aacf9e3c0696dfbf2c18f116330d035b5d2b98ca97901d380cabf35cf1922752a0547ae525298a265847f3d6b701ec9fef

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      8303881f1f3388d476f8aa67a5c751b1

      SHA1

      d76fc116295ebf5ad493b26712b6156436bce6f0

      SHA256

      04b65bbf26d04e836ad45968e57a751f5d8aa52f7c45224b59d6e481d998e79f

      SHA512

      0f0ebe05f4e406f7353684991c358f476328a9524dba1f252c20eab8059b1a138c017d16eae1b1b1486a5a16ef59b86db470fe9185e3606c74a3ec146fc102b6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      1ceefb073c4615202d7779b1b2e6f17a

      SHA1

      44c6f8e0e9beae85791342d1b26cb3b8a0de1b9a

      SHA256

      48860be8282e94d7497a7a0a42218654056b4b63ceae966bd5e7b0dd29d68a92

      SHA512

      9d8e4173864927ea3e0bc25df540836d2b7d23fbc61ce7bc29195568c0ae4511dab63a44c8d33956a4d6da4c71c3a9e298ce2348b90e1772a19c83f47e4a5cbd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      c75bdbc93a9c827f9f518c8fb1a4af03

      SHA1

      a98cc6629926d92bad01aad5b2ecc0448e6025ed

      SHA256

      35412ff3485f2404b5552e5d56555ea00bddd6246084a39c71492219760a8369

      SHA512

      ee46f28dca8ca3d68907e2b3f26725c24798bc102f6563860f5d49f357b515c53daf95b88359bf5b4c40672cdd7fb279aba28ecc4184d1c7ab014abba90ec9cb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      477ca86d00e434607aff97d344cc2049

      SHA1

      c2a38b738f0858f828ee38a5964c7c89dae9ced6

      SHA256

      f3ddde536747e7759f4f11e90f2855ba9d9c287822f513a9a4091af6c5fcf982

      SHA512

      837a25476da4592321146a2e58e26e4fbc7c0cc2402ab592e3d5cd731aec0882e16704cedfb5a57fd7269b5c5ba2dcbd687b5929d276f00fd5a95be6cc434ecc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      12398ad67a6810d1e749bd1f1b1022c0

      SHA1

      5a004c73f7b0f8c3933c4c4781d56430dd566787

      SHA256

      a33a908ed12bb9915500dd0b02002761f1cbfb6eb54748d3f3275ff40196884a

      SHA512

      3bd6128fbe7a6736af4a2040e4ae0ea0f7ccd22d4c4112f58ba6b262f6f8e95dfe787144dbfcc64eca4db24a52775c794197bff60f47fdf846f8dd82d95c0015

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f00707256e809790c3df0712454f701a

      SHA1

      41a67f3e4f032c8bb58c6c7e6ba08fdf508cb226

      SHA256

      cc0831bf8b5803564df8bbb8208164ae48c3cdd508553ca4484eae53eb116647

      SHA512

      07ab676db866e52d35e57ccbffd42cd4beb034012badff2403733e83e0eb7702139299bea80f0cf105c12dd2dd719388f227671b2c7b654786647f00c96f532b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      95a859c4b51215e6688f2b20730439ef

      SHA1

      e45c9caf64d5d98ff804e01dcefc919f7a4c43c8

      SHA256

      5ac46bce3c63ad76b0be760590a2de57f09e576dbe74fb5a1e7c0aebf8fd63fe

      SHA512

      dffa487d1c79fe569f2376abe6a5ebb1033bd11dfd69a150640d5e6b0733673a987a302f19461366717ec05f338b249f47c0633fa2ccfe85d1b24aa1115342a9

    • C:\Users\Admin\AppData\Local\Temp\Cab7A70.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\Tar7AC1.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • memory/2028-0-0x0000000000D90000-0x0000000000DE3000-memory.dmp

      Filesize

      332KB

    • memory/2028-6-0x00000000001E0000-0x00000000001E2000-memory.dmp

      Filesize

      8KB

    • memory/2028-2-0x00000000001A0000-0x00000000001BB000-memory.dmp

      Filesize

      108KB

    • memory/2028-1-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB