General

  • Target

    3b23d2c8dad85f174498a3df322b12df_JaffaCakes118

  • Size

    203KB

  • Sample

    240512-vfhttsfb5t

  • MD5

    3b23d2c8dad85f174498a3df322b12df

  • SHA1

    220877a9f890976aad3ed2e55b626881b755fd12

  • SHA256

    94c674c753209d3fd743df5a32b832aa55bf8a69e3a75f83f31571d4f36c667e

  • SHA512

    1b8d5df393c46a0ecf7d9899f6f0e778ec345606a41cf4c5259971ef73dd323c3dc3dc6901b355f60d46ba2b7a902277e29e5adec8164cbedff3b96672408780

  • SSDEEP

    3072:9qji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:90dp4uPZzGonqXGXh0bluBc4GZ5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      3b23d2c8dad85f174498a3df322b12df_JaffaCakes118

    • Size

      203KB

    • MD5

      3b23d2c8dad85f174498a3df322b12df

    • SHA1

      220877a9f890976aad3ed2e55b626881b755fd12

    • SHA256

      94c674c753209d3fd743df5a32b832aa55bf8a69e3a75f83f31571d4f36c667e

    • SHA512

      1b8d5df393c46a0ecf7d9899f6f0e778ec345606a41cf4c5259971ef73dd323c3dc3dc6901b355f60d46ba2b7a902277e29e5adec8164cbedff3b96672408780

    • SSDEEP

      3072:9qji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:90dp4uPZzGonqXGXh0bluBc4GZ5

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks