Overview

overview

10

Static

static

3

3fb56f0ea0...18.exe

windows7-x64

10

3fb56f0ea0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    13-05-2024 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fb56f0ea0a2488a5c3e9de9869e8d1a_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    3fb56f0ea0a2488a5c3e9de9869e8d1a

  • SHA1

    3e60d01de260c7403347cf221fa35614924e4a45

  • SHA256

    dfd9137e756882a3aadbcc7b3bf1fa9bfd7a52a159e7b60b732ab0c9eaadce29

  • SHA512

    43d17a6d6157ab29be549957e090165023ed5aa81834f1be30324634e9d89ba27e7618c4b198dfab8a326c45962963963c1868c2971838c92daf8eb35b4a43be

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0+2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoZWGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fb56f0ea0a2488a5c3e9de9869e8d1a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3fb56f0ea0a2488a5c3e9de9869e8d1a_JaffaCakes118.exe"
    1⤵
      PID:1872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1192
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cc58ed3bda5416de4068cba10b9eeb6b

      SHA1

      69621c6e46cf74aee31bae18408e13b1261219b8

      SHA256

      87d89bfc44e4c171aff5f16b473c7183acb9adc160779950d23e42d6465b785f

      SHA512

      3b781a6254cda5aa38bd54a9406efcdb332d35e94a52ff88bf52be7739c307fe021248cdf4c93b03f5bc7bff7e3099a7875325ef0a92ea486382dfe6c5d46bc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bbafa73e300193a64992d8af51537f60

      SHA1

      4b6055ad5e755bb13ccc38d3ee6920a49dc7e024

      SHA256

      293dff9a4b12c9a34e6a51d36bbadc06847405e77a918924c0dc733f1201d64a

      SHA512

      9dc8f514f1edcef9ec9e68dacca1395a9708f44a2b1d6d3209ce164b4120693588073148edfc767b345dfe1bdd6fd27d282a1bd433f86f7b909c0ecfdcf445ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3eee185ddef989b49102be83c7e45bc4

      SHA1

      03c993ea9304bf20de6480f5b6769da271131abc

      SHA256

      d09155271ed7022143eaf9e865b29d438da4a82348011e40faf320c63dc259e6

      SHA512

      4120878f99808e687ddbb7c6b501322dd026070254fc1f5079fcce2bcbf8ef002f2d12a365c2bb2c18c191496bdcf118e116ebb39b0aa22e25eeb3335d65e81b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b3721eec616d4ee7645d5e32dbdcefc4

      SHA1

      e6a23a60e0d55433b6534770b964beede3956a53

      SHA256

      44d3ae371ffa5ef7d7b5f57fc0d6e6e5e908fb8a42dc90fac6e00aea857c2d6b

      SHA512

      74d54e4064c01593b5bee8690134becf86705a84bf11a89b4c52a2288208135bd07ce08a660b75d3e6c225c56ba92c0d958290bf6fd5e2c1fb140f80b9f9593c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0dc9aeca3f74e86acd00414cfaa82e63

      SHA1

      90dfc57d9697475f3c9f5c073391e3f101db017b

      SHA256

      dc143ddf0e16921b36b0fb9578652a4a757913225fc2e100a8fc01603ae7a01c

      SHA512

      1638e6868377cea7680b0d7336427a8edbfad9b69dd12557f3f53a4b7bb6cc02032c0269b51f215c0a315487822fcfb5640f7c53099ec94d6f152e12a223be39

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43cf01c156d9520f21e88b306875682f

      SHA1

      39379fa57b98542bd642a14a34b8ef08a36d4d5c

      SHA256

      04d02c3ef2ddd1e8ba26bada3d06bb4850a22837b86adfa4a13fa2cb2cb4ac46

      SHA512

      b5ce8d1b2abf7165c9edca3721381e6a8946ebac8cf9d1d8cea8809b39402b54498cc93bfd58d9221abccb962329d8201e70714506d839bda649979c456a3545

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc916e897fc965ffe5da19a9ab3f7e71

      SHA1

      3a4a4cf627a46332b14b8767f1e7f36204e9c527

      SHA256

      32ac3cb839da5e77198569e7a329165d19c64affbf9434135065a6bba9b553bb

      SHA512

      5a88b0b2d8d143d8df32ab8ef177fd13a1077180a933fb2b80276014e2b5d1bb5f870dcc3ed0add73cca9af69ace21bf62a25000d9906734fb6f391397a14237

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4eebd4ae8b7a0ca9dcb3b8a0451539c6

      SHA1

      166dc7e36d7c667025263a8538a87137e86fcb44

      SHA256

      87ced594d273cef28edf9018bb30bc8fc8aca8e0fdbd4251757585e930b16c95

      SHA512

      e2cd10a6118d327ec3f449a9c34e122c932dd77c56d483adddcdef11ac94b8541157abbd24aa78eedc0dfd0d467fb4f4b6969ea658b163d054417d2e84a9c1b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA142.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA193.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/1872-0-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download

    • memory/1872-6-0x0000000001CE0000-0x0000000001CE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1872-2-0x0000000001C70000-0x0000000001C8B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1872-1-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB

      Download