General

  • Target

    37783c68590e5b14368f396087cdc4be_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240512-bj5cfshd2t

  • MD5

    37783c68590e5b14368f396087cdc4be

  • SHA1

    af30106c02ebab6e4cfb529a90ba260d892d959a

  • SHA256

    22c615f6e727622f72507536b4b5f1cd37e8a292d6df8c7b7ed86d46f60d40a4

  • SHA512

    8009c46f592215e783e84146f0a468b318b28f69a1ae95b2e3c2405a33bfa5f42feee3ec2531a82089676306f8a4a7f7725510cbf96e86b0359ff4af55dd9691

  • SSDEEP

    49152:4SuE3QtrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3MqPKIOson6Cslny8WR6wOHstehsC7

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      37783c68590e5b14368f396087cdc4be_JaffaCakes118

    • Size

      1.8MB

    • MD5

      37783c68590e5b14368f396087cdc4be

    • SHA1

      af30106c02ebab6e4cfb529a90ba260d892d959a

    • SHA256

      22c615f6e727622f72507536b4b5f1cd37e8a292d6df8c7b7ed86d46f60d40a4

    • SHA512

      8009c46f592215e783e84146f0a468b318b28f69a1ae95b2e3c2405a33bfa5f42feee3ec2531a82089676306f8a4a7f7725510cbf96e86b0359ff4af55dd9691

    • SSDEEP

      49152:4SuE3QtrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3MqPKIOson6Cslny8WR6wOHstehsC7

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks