Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    15-05-2024 00:29

General

  • Target

    43c8388c27720ea5e14d1b18c51ef058_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    43c8388c27720ea5e14d1b18c51ef058

  • SHA1

    ca9e0fd12ceec3a8b9be20ffa694bd521662bf15

  • SHA256

    91b6d6d193a7c65a64bdd2b98cdfdfc8e27159c58cc3873a390bca577befe741

  • SHA512

    1de2c83270c074882d0c0469b4db7fbaebac4cce97343d3e209b881df83d8ef197246a4283965400bbbd354a8efceeaf749c6bd2e7a7a07c2e816958217c00af

  • SSDEEP

    6144:5VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:5VfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43c8388c27720ea5e14d1b18c51ef058_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\43c8388c27720ea5e14d1b18c51ef058_JaffaCakes118.exe"
      PID:3048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2828

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      5afa3d96f6c3db673d331bb67060c629

      SHA1

      0616640fb333690caf98798927e5ec574a3dd6ff

      SHA256

      c33059cb6bc17358dffecce818c5fdb1b1692d2ad1af2bdbc7c3a9d17a76a62c

      SHA512

      74e63c5f9590ac70387ea5115e1363c0fd3906226aa03df15cc938aad64e4641a8be34c3c34efce85b3e2470ef769bcf7a08f8e039fe8cb2bb117a1fd4a826c8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      293e8c55c9308138145516a981c3b238

      SHA1

      271b8577659fe62968bdfd864293180eb24d9624

      SHA256

      ed2635eb042d9cff9546f7ab7853e789cb39b18d6b4be95d9e1e10f95d51b727

      SHA512

      3817bc8722077e3a0583668ce23774cd4cd8dbec9e1dab803c1d1a30d4c727b368226c98e8ae4397675fa4c35346fee3d9cd83cb9b2a35394deb0b2163de2bcd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      3bb179d8301980fde2b16a21444fe946

      SHA1

      b9e81ff6b54a0a33583149ffa093ea9b5299ec19

      SHA256

      345dd769d7dfa22be39c635f2cd8c3ed4bcbbb90669cc7107e32746cf212b428

      SHA512

      d5b00d6b249587585b274b4beb26e3d510e6eba9edb8d079a283e4dbd8f04d4d7e771ab4a4f94eb4fc459dfbe3af7a27874b4f6fc83569a5b2378633a8558bc0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      c61e72dacd3ca48cb53d77df90498fde

      SHA1

      05dbc752f211f91ca405f5ff1426d71188b3111e

      SHA256

      fe62e6299a7dd68212b9e5663a150885bbe2c9eb6d71c610477f2d53eb0f36ff

      SHA512

      a33e9cc72fde793d214fe905249e49750d1abe7ba5545f0015636e0d36bc48164491a803824864e0c9d892babff55d2855a06326f1997f164032bbbd44e0a336

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      e4d185368a6345bee492739762a99093

      SHA1

      ba676497de62f1acd1a3e00c6a42725562142ca4

      SHA256

      5ea4b148c9cb32c19749ef9078000b07a313e62882f282a371cfa614afb37859

      SHA512

      2a2430d1c0a55118175863bcb95921573dbb413f9b74b4f1cedfe000c9d76d18b3942c9d4d656630db0f42280942a6b099c789e0b91105be2f07a7ae7404c462

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      7799d8a4d3ede8b6c5708376cadecaa8

      SHA1

      b8ddfff87f9df0e2db755ace2fdd1dd1866339e6

      SHA256

      f791ee75de2245d085ed7cc5378908de29e2ea57fc566e84fa7bca5ce1dc33f3

      SHA512

      89babcc7186d496e7971ba339a9cdae82094c75ece0d4bc35d17cea0424f12818e17aacc1946613d9046c29a53b3b60c35caac4f10fd6557b095e9d019735b68

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f9ba64022ee99006a0949c4984cc71d6

      SHA1

      a0c46534e1d648482bbd0087aee433f3874403c4

      SHA256

      4382963266cf1c9a6842ea77f0b1d18fd9e6e0cbccc6a0173b8193f2a213c21b

      SHA512

      9c033463f0df79d6802c56c6029d9b4ae60a12fbf960f32b3533632bb559da94c37b228924359671c80dd361b26a51b7b1a44523b2ddc50fc2520695b460058b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      adba29bd3e41d56193aae51ba311cdfa

      SHA1

      d9a0a48bdfc9c2a340aa86f7b606877a87f7f918

      SHA256

      96f8855e3372e2f2d8f0b322a571ed15841e4fca63c761f24fd57d7ce1e37fea

      SHA512

      92ccd3906e1f128b305ea942eb3af6476f4d1bc4478ea2bc2253ba32ef4df165e5c12cf761b2240fc51700b656553e1a4753779012158bcad0cd2868eeffa52f

    • C:\Users\Admin\AppData\Local\Temp\Cab936A.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Cab944B.tmp

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\Tar945D.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • memory/3048-0-0x0000000000AC0000-0x0000000000B13000-memory.dmp

      Filesize

      332KB

    • memory/3048-6-0x00000000001A0000-0x00000000001A2000-memory.dmp

      Filesize

      8KB

    • memory/3048-2-0x0000000000170000-0x000000000018B000-memory.dmp

      Filesize

      108KB

    • memory/3048-1-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB