General

Target: 3c353ccc861ddd2790a37d486dc6cf33_JaffaCakes118
Size: 618KB
Sample: 240513-w5fanshg43
MD5: 3c353ccc861ddd2790a37d486dc6cf33
SHA1: 3d2918876d189c684ac824c901710c462c37a302
SHA256: dfd77534fbd49aa51b69531359ad0e8c4cdeade7fce322c410b8c844400241c3
SHA512: 9ffcf68af702ef60a6722b6af77295c7930c3ae896222317fa3c27a0c8a25197f3bf0a5427dada719f96b9a771394b0d22c899042f9f6e5a8067339151ca183d
SSDEEP: 12288:m7MAbTmGdzc6PVXjFsflG0z+H9YUr5PvfbZzwX1:67fmGzlVzafk0zUr51zwX
Static task: static1
Behavioral task: behavioral1
Sample: 3c353ccc861ddd2790a37d486dc6cf33_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config

Extracted: gozi
  130
  http://bt2e3wov5mmesooc.onion
  freedomhouse.ac.ug
  freedomhouse32.ug
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  dns_servers: 107.174.86.134, 107.175.127.22
  exe_type: worker
  server_id: 12
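The extracted config above is directly actionable for hunting: Gozi resolves its DGA names through the resolvers listed under dns_servers rather than the host's configured DNS, it fetches the text at dga_base_url (the US Declaration of Independence on constitution.org) as the word source for generated domains, and the three listed hosts are its static C2 endpoints. The script below is an added example, not code from the sandbox or from the Gozi sample; it turns those fields into a DNS-log sweep that flags direct queries to the hard-coded resolvers, any DNS to a resolver outside an approved set, lookups of the configured C2 or word-source hosts, and .onion names leaking onto clearnet DNS. The log format, the approved resolver 10.0.0.53, the client 10.0.0.15 and the random-looking .ru name are all constructed for the example; the DGA itself is not reproduced, and a constitution.org match is deliberately low-fidelity because the site is legitimate.

```python
import re

# Values copied from the extracted Gozi config on this page.
GOZI_CONFIG = {
    "c2": [
        "http://bt2e3wov5mmesooc.onion",
        "freedomhouse.ac.ug",
        "freedomhouse32.ug",
    ],
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_tlds": ["com", "ru", "org"],
    "dns_servers": ["107.174.86.134", "107.175.127.22"],
}

# Assumption (hypothetical): the only resolver workstations are allowed to use.
APPROVED_RESOLVERS = {"10.0.0.53"}


def hostname_iocs(config):
    """Reduce the C2 entries and the DGA word-source URL to bare hostnames."""
    hosts = set()
    for entry in config["c2"]:
        host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", entry, flags=re.I)
        hosts.add(host.split("/")[0].lower())
    hosts.add(config["dga_base_url"].split("/")[0].lower())
    return hosts


def matches_host(qname, hosts):
    """True if qname equals, or is a subdomain of, any IOC hostname."""
    q = qname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in hosts)


def scan_dns_log(lines, config=GOZI_CONFIG, approved=APPROVED_RESOLVERS):
    """Return (timestamp, src_ip, qname, reasons) for every suspicious query.

    Log format is constructed for this example:
        "<ts> <src_ip> <dst_ip>:<port> <qname>"
    """
    hosts = hostname_iocs(config)
    rogue = set(config["dns_servers"])
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip
        ts, src, dst, qname = parts
        dst_ip, _, dst_port = dst.rpartition(":")
        reasons = []
        if dst_ip in rogue:
            reasons.append("resolver hard-coded in Gozi config")
        elif dst_port == "53" and dst_ip not in approved:
            reasons.append("DNS to unsanctioned resolver")
        if matches_host(qname, hosts):
            reasons.append("C2 or DGA word-source host")
        if qname.lower().rstrip(".").endswith(".onion"):
            reasons.append(".onion name on clearnet DNS")
        if reasons:
            hits.append((ts, src, qname, tuple(reasons)))
    return hits


# Constructed sample log lines (not from the sandbox run); the .ru name is made up.
SAMPLE_LOG = [
    "2024-05-13T10:00:01Z 10.0.0.15 10.0.0.53:53 update.microsoft.com",
    "2024-05-13T10:00:02Z 10.0.0.15 107.174.86.134:53 kqzmoyvwbthnkgfjrax.ru",
    "2024-05-13T10:00:03Z 10.0.0.15 10.0.0.53:53 freedomhouse.ac.ug",
    "2024-05-13T10:00:04Z 10.0.0.15 10.0.0.53:53 bt2e3wov5mmesooc.onion",
    "2024-05-13T10:00:05Z 10.0.0.15 10.0.0.53:53 www.constitution.org",
    "2024-05-13T10:00:06Z 10.0.0.15 8.8.8.8:53 example.com",
]

if __name__ == "__main__":
    for ts, src, qname, reasons in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {src} {qname}: {'; '.join(reasons)}")
```

The resolver check is the strongest of the four signals: a workstation sending port-53 traffic straight to 107.174.86.134 or 107.175.127.22 has no benign explanation, whereas the hostname and .onion matches only fire once the bot has already started talking to its infrastructure. A blocklist built from dga_tlds alone is not used here because com, ru and org are far too broad to match on.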
Targets

Target: 3c353ccc861ddd2790a37d486dc6cf33_JaffaCakes118
Size: 618KB
MD5: 3c353ccc861ddd2790a37d486dc6cf33
SHA1: 3d2918876d189c684ac824c901710c462c37a302
SHA256: dfd77534fbd49aa51b69531359ad0e8c4cdeade7fce322c410b8c844400241c3
SHA512: 9ffcf68af702ef60a6722b6af77295c7930c3ae896222317fa3c27a0c8a25197f3bf0a5427dada719f96b9a771394b0d22c899042f9f6e5a8067339151ca183d
SSDEEP: 12288:m7MAbTmGdzc6PVXjFsflG0z+H9YUr5PvfbZzwX1:67fmGzlVzafk0zUr51zwX

Signatures
- Adds Run key to start application (persistence through an autorun Run registry value)
- Suspicious use of SetThreadContext (rewriting another thread's register state, the step used in process hollowing and similar code injection)