General
Target: 3798e1aecb5fecad15521d60ac7c5866_JaffaCakes118
Size: 971KB
Sample: 240512-b5swjsdf26
MD5: 3798e1aecb5fecad15521d60ac7c5866
SHA1: b69c8779034459fcff2f42b54ebce9441db09a58
SHA256: 6d5eb3822315630c471781df06306ca9a7c23f94f320166ed0266e9fdb25abb0
SHA512: 437d0d750f635c19ba42bb04af3089f64c8c17277597ecfefae9d57889cc2a16954dc65aa6b77d45982c643332d58935ad37ac04016be0ebe0c53727f31be5b8
SSDEEP: 24576:dGlkSyXOKByXVHmuUAQrFZ5J5EdGlUAGPatVWZ:oyeKByF5U9FZ5J5AatVWZ
Static task: static1
Behavioral task: behavioral1
Sample: 3798e1aecb5fecad15521d60ac7c5866_JaffaCakes118.dll
Resource: win7-20231129-en
Malware Config
Extracted: gozi
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://maiamirainy.at
build: 217027
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: worker
server_id: 12
Targets
Target: 3798e1aecb5fecad15521d60ac7c5866_JaffaCakes118
Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Suspicious use of SetThreadContext