Overview

overview

10

Static

static

3

3a5e164612...18.exe

windows7-x64

10

3a5e164612...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2024 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a5e164612d1b0edd9a7869ed9f5a86a_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    3a5e164612d1b0edd9a7869ed9f5a86a

  • SHA1

    17e36bfd5d916ea0ee8a465b8c565054d1a26107

  • SHA256

    4a0bd71db44ebca42e13f2556479cda473940438bd0bd7629aaefc684e99f0c1

  • SHA512

    6f9b6e33d613d51c73c02fb1bc9570a01f7177fa3e9a4bda3bfadc27febdb8b016399a5dfa11b5dd02c48fb7247792b6c2aefbd5274ff098742936a5585c8df8

  • SSDEEP

    3072:91ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Zdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a5e164612d1b0edd9a7869ed9f5a86a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a5e164612d1b0edd9a7869ed9f5a86a_JaffaCakes118.exe"
    1⤵
      PID:2188
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2580

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d0a04d6fc713170de3498c68a03f16b9

      SHA1

      622c35d9a76d28cdb2a9f3b63dd86e642af920d9

      SHA256

      8ab52cc0849bcb0b8db501624ea133aea4ec58a7338dd5697421369019b9ea40

      SHA512

      2fbef29708ee1d61213ce932435855a86ce86f68c1ad9077b283c15ddc1b1cecc69aba37f97b2390031312cf83a49af5df4d9e6da7d1a8bdb3b24eecb72f364a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3021f1b172b3c46b03a524e60f665b21

      SHA1

      fdcc688d6d5619c906d56332a110f29a600a4e06

      SHA256

      f200f1d7b6077d16c11a666274c3eccda682417c448d25f9ced1f81e3f6d4023

      SHA512

      a36b5460a7239595604d730fe6cbfdeb0f38f4602492da6136c595e4ca001503225889848aa37aa6fcbe5919211bbcaeb9f0f82f26ce16cebe53eeb8c3d7aa9b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a3cc4b09fdd25d59778e02b6050aa617

      SHA1

      1a145d0878948156b258a52a980bed3fdb36f231

      SHA256

      bcaf5ba9a638e3e157f37b7c1488bf9642bf408f3b82149d23de806625df503a

      SHA512

      81720af7669ded5dfcf0c2487ebc2e24a4543fbd46e07b3bda219db182ba47b3f78bc4a4fe4184c1bac818b374317403970526695c6fbef77a4bad0677dc406e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      59658759d43ee76abbb3a31d00f3047a

      SHA1

      8b6bf9bfe7d82c4ed62d64fe8fb6792a92ccd9d8

      SHA256

      4d56cefa0152d6032b20b2a0645d4e4ce73230ce1870dc6a5003451a47f9d038

      SHA512

      03eae8832763e8ba0c3151d7224d6a09bb6b325b53a50280bec71aa3cb34ff738f3346082440c9fb2a2c6b822c62b62f548cc95075868a3d596ec656513511b2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8bb1c0f5f6aa9f03a594cf915bc704c5

      SHA1

      3948e5bf94e9fff770384b81ceb4188ecf28301d

      SHA256

      6a93636c07d7f678f4ee0b89ca1d5fb31cfc7bdbc311e57aac5f15f3cb31f5c5

      SHA512

      faa49a1bbcd2679f00c474122d0e77e29bf09a9d4deb692718b151e0d93c5100379e1a45a0cb78917c25fd13f25b2751979d41d62b12c27e80a492b4bb91a407

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d9f64621f8b55de7de83dc02c6f811f9

      SHA1

      ec8ba260e81ea61f5ed1210ab7f141d7ee4df79b

      SHA256

      a239a08efd710d9a51eb202d007e4e6afc0a63722a53e60c61706ff77f5ac4b1

      SHA512

      53e9d63c7e79cb486bda172d78f5c03f79499ade7ca28cd2b03ff98a1a3c0e76897fd91de8639ddecc3f014b72026a760d63498a3727a3d42f0e8081bb45c3d7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d471f78ab392548ae409fb2c6781798

      SHA1

      370ffe2d4cea2d378fcc5a54ef59260e3a6e6306

      SHA256

      3e534ea9c558095db43c5411139ddbbe6693dba128fed0997ee4a5c97975a976

      SHA512

      6adec6c7ab12127260cca5b0b20fe66d4873eeff501c408cf262ee15e668f59a84fdc92cc21a78e1b32bc60825e3fbb1d7b321864a2f58065a2db383b24d506f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a4e2053a4ae8529f3a77112bf7dfb11a

      SHA1

      508fbabca89258cf9cc9d17c7c6c2329ec4b7ec6

      SHA256

      e36436de5f5cce68f44716e4276dbf0c1dc3e808aeb7b96439c06c25110718d5

      SHA512

      89211add1d0474894d96b921e99e659939ebde5df23b5be7dd5653c476c1efd6a2a718850f2cb79bd32c7a746c2856572c4e72ab961acb4b74a93940c84fd96d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3c6ef3d66bb750de6ada318471a7c630

      SHA1

      11b7e88e3abf41314a2f6dfc9e002f2f3c0bb47f

      SHA256

      101e528f953370ac7a8328b0ceba9cdc4d3ad99ae50d287ed9c957b970f27bb9

      SHA512

      e9a0ff8f0122ec7629be36fc714cf67394efa17fc54888dde9a979fe9b8139560855b5325038662c3229e60fb83372a6f30279c1b1acb7968af554ffc81bc994

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0cefe100193789a5c351efa934fb0517

      SHA1

      f1e94c579db3e9fbc35b171ae3dacdc8e4801941

      SHA256

      43a11ae9f04702e94f13d93a5615f1462f1ee6b412b4ac76924fa4a1fdd4a509

      SHA512

      60b64f68fe8bd9f828f9b9174c76028e32377d18879bf1816a49381544d2dad730294f710096e8632c4589537c7fd705a2d477b6dd6b0484f2ccc821ce512b69

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8C2B.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9E15.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2188-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2188-8-0x00000000002E0000-0x00000000002E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2188-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2188-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2188-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2188-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download