Overview

overview

10

Static

static

3

3f6923980a...18.exe

windows7-x64

10

3f6923980a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2024 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f6923980a975f19415c9cc653eb38a6_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    3f6923980a975f19415c9cc653eb38a6

  • SHA1

    d013ae346d2e991c28b9f90bbb4a7bdcb34e4640

  • SHA256

    e4b6725684d724eb207a7471d7c35b1dbbf9ff754860c6473a7e6b7884c38efd

  • SHA512

    ab8251c5e5824fe153bf8511e47f54f8016d520ed7c5408b8b2b010fa2d8321dfbbb110804ff2b6b14d60dafd061b1db08f6c71541b32c58b6eda9e4c261577a

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0U2L6BWnqR+yV:BHXDy1qVvZnOe/HEyo/WGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f6923980a975f19415c9cc653eb38a6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3f6923980a975f19415c9cc653eb38a6_JaffaCakes118.exe"
    1⤵
      PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2056

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6eb943f96b021e25df94a38046889cde

      SHA1

      e1fc79b86cabf7976db2448a9484b80425b13839

      SHA256

      099fdf51e5c7d9720139c42fb2e6dd7e338038d76b37f810064a499673d8d526

      SHA512

      fda1cbce0c488be8ab0ea0eb5cd8e10e680be7a11688d10f6d84b2c41123a7c35fdcb4a8691c656b3c2e31fb59858c5cfd8cb9bb4acf89cdb6b19ec8e6945a9c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      873bf038bb7cd791b037f5397a8d3149

      SHA1

      61fa59cd6f0cb74a262486e81679b0cceec6ab16

      SHA256

      d2bdc2f5142b91b624fcff2459b343e15304ab82ae6baa0624d4ab76ba4c6eed

      SHA512

      2475ad682dc172e4d6d209d62b74098837d630a0af2e703619774cd06ff3d6861fda3ab698157fd2d1f8d470735a868d4aadcbb321ed4a75125951c13f332f40

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      299c428f980368ef9f0188cfd35999f5

      SHA1

      ff622b1415e1bf127aa935f8ada5568d2854c08b

      SHA256

      0098cf01f3ba6ec51ac5583e173ec71933ed189a23fe616aa5de002f9513d3d7

      SHA512

      0fbbc7832e14614097fa955d5b5289f8bea9a2a9797d735fee387a66ded22e04cf93978aefd9a15e0a017168aea9e3f95e099509911f689fc5fb007a52058394

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6974984ca90eb3e0d0f55a67d70154b5

      SHA1

      543ff60e6b898fd7a47d085493f29c28def45817

      SHA256

      b16e5f1bbfbfd1448eab3724e97fc2a617c59a8006baf62c177679a8ccc29895

      SHA512

      524f719ad843320ab88b21578d973a9ec7be6583344c0203c6aa7709a53b4ee7a28ecd52f72f027f804b98bafee6502de6851886c397186933584a80fd20ca60

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1a862f8c305fdaef504097859479552e

      SHA1

      295d136cb113b8eea3b91ac8d436360c76eed044

      SHA256

      91afc8411052a1ed758b3e0746177b48e5550a176e66de808afd333f93b8e2d5

      SHA512

      e94060abd5527000c0cb542405642fad5ed2ac865efc9696d43c0db0c215fb8c763f85e897ad669ff42c9eb8788e033933623bd00196ec7c53e252448647980c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f964d1841b8a9ca15c011dd675619f16

      SHA1

      ef58985613a6da480749626f57859676039483ba

      SHA256

      641ee2a5d654cc18cf843d76c18b009e6932efef7f35803972a4df949a46adc0

      SHA512

      c12927e2858e1557ecd1d8b89122ee0137fda0e291cc766f4c6ef7ac14a78044465172039c12ecb7529ed18e15460fcad4cd78a4f826b6c8a32d407d90903ebb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a6157277b7f14880871743b89e886b1

      SHA1

      5517e195ffc117d593f09f72ba8bf49a85c5a45c

      SHA256

      7a42744bee57a0f8c147ae5487f22a6ae7f11a0e0168bc45235810351bc1a88d

      SHA512

      1f6729495293b9f993cbc347f816e50393e5640945807735f68d807c6b0f5aedf2e776feb15f699b4f0aa448e980dbaf8de9c94f9095995433dc3eaa2f9b7e50

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1834a71c78a89e57eb2d93d726afe806

      SHA1

      902af351caae44f804e45c783683ac47ac812012

      SHA256

      1d9e7953cea89feb44922597b845f7b2c7e928160ada4c14bd5495facaa76fa5

      SHA512

      f113d63502aec0f77321b5ab08c92a068893d66bd5aa905b2334ba754b4f0c494ff174647e780596762b40a0f15072d9859525484366810f7cb568a2c0f9e9ba

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2c095ebce57dae82cc39c6ddadaa8055

      SHA1

      2f3389906ce2f5e59d452aa5d1db7e09d0322e0b

      SHA256

      1131082c8dd15e8256f8b1a5518096785b5b380861f1beffa28cb817a9f455fd

      SHA512

      3b096f3278bbfe4031988bfb4ab9cf83627bc526b7cac582b5d2c86432a07913dcbc41b6012ead44294485988cf326e470207b38ed5717e0de5ddaa593a4c898

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabAA27.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarAB28.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2024-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

      Download
    • memory/2024-6-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2024-2-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2024-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download