Overview

overview

10

Static

static

3

4430a39cc8...18.exe

windows7-x64

10

4430a39cc8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4430a39cc8e61048ae3cc2e1fd0c65c0_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    4430a39cc8e61048ae3cc2e1fd0c65c0

  • SHA1

    216ed2b689ce4ccfb0ec4032083fd527d3519b4f

  • SHA256

    cf4cd7dbfe3b8ae3b734b33725fccf03edbdba7e670150dfafa8c8a7a3de03ac

  • SHA512

    c3465007f9a4715c75fa3ad2bdca0cdff0582a3a2774c07ae0108b0a7ce6c3e52e1c933fbbcfc7740b6e15a7859f875da89d6986e0b1ddd768c02f772d4415a6

  • SSDEEP

    3072:90ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9+dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4430a39cc8e61048ae3cc2e1fd0c65c0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4430a39cc8e61048ae3cc2e1fd0c65c0_JaffaCakes118.exe"
    1⤵
      PID:3068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      743c019ee36756f16c09f21eccca942e

      SHA1

      3d24ad50d51993ee6f9a761be5e54345b5bc09f2

      SHA256

      9c02b814e252bbdabd93600fd9cf70be2b747dc061a263fe9bbafe67078ef2a2

      SHA512

      57738f628d0bedc31f1bf5de5049950f868d27b21bdf5fb62b4205f1ba3b31bf6f7d34a1b92c352d992578390ae8469bca1e758449072cb0cdf73b59078cb6ed

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fe1fc67ec2f60fc51ce7f1dc82c6cbc1

      SHA1

      605967d83791b612e084c47e09b5d24a1782f0b9

      SHA256

      31645c43a87a704bb6fbd97295460403ff8e6e617acaddd6c006a2dd536106df

      SHA512

      c7dc491204b7bd4eeefff0991e0002d178d98251091bddf6bd6c83f9d3dec9a0799096fad40ef9f07386024a90a34db918b1e975f79a838a219571a500c796b1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1014069e9cf5f8dcecd23eac54709130

      SHA1

      9307e3557a02b47fd6f6c8f650b116de13c5b7a2

      SHA256

      337c9cdf0dbfab28eca1818f0a5485d970aab3a433f5757620e746df13a7b061

      SHA512

      7c1f5d5f9a800a06d50491c7045596ed58c1bd147e598d39c6cb124508ff9daa52213c811e49ad6415c0127f1bbc8f83ee99965f51bda8caf29bcae858dcabac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      958932e1b359ac73a88b67b04e4f1848

      SHA1

      4e3da1f6c96b6c9019b2f3875be275330a21ae7d

      SHA256

      6f674cbaacd94bd339c2e96beee399db8f60054dff07e05050deaa09736636f8

      SHA512

      368bae95b21f982ead5152e3a3a05d05927c3da650e69801e9c18c40760d94d5025c42d1389f53d51e13902c4e7af9c63b87c07e9c1eb2941a7706b8386fa95a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      36041588225dc20bf6a0b5f42461782c

      SHA1

      a091669a10e8cc4c701c3d27a74a18c9401c594d

      SHA256

      15e0d99f8381fe0e7e835b3c193e909ba651df2b2ccb3205f7cdbfb6e9c70ab3

      SHA512

      787089a06c125a13cf7701a5c1d99dc5d0992d9a97a12f78b08c837396470b8172dabf4b7587f4d79ceb37d4f29442ad5bf981f67cb1800755475c5478c62a9c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f5c5fb3bbed8b835c70e3c90c33199d

      SHA1

      9a0616747f7563528624800173dc267069e70690

      SHA256

      fce2e648913ecece0ecbdf099e653a50644ac7af1b8093f0728853d789fe855b

      SHA512

      a36acb4ffcd334cba2494b3021c0b0f9955234900bbc5cf86ee261dcf01d48a74203f50b47fe65533668271b5f6b7dc80b5c81c0e2701134c6993b14658f5970

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4fa68bd4fb7cc092c6eb12cf5ef46584

      SHA1

      98e5d5df988f649aeb0df98b0eba5e9bd1061d16

      SHA256

      a49a02c1a21ef80945435f319ae1453e851f86d7cd5cf5c226ceeeb9dfd1985b

      SHA512

      04bca48ad1404d37351e9cef5673c4fdeb6a5e9da22209c7004e7eb9258aa72064528ed9f8b32825bf1fb6c4feaf637bfb95a967382ddbac8a81acdfdd83a9ca

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bdb2bd4b3292fcaf3b8aef05d40ce3eb

      SHA1

      77ed1fa86b9491091564dc6a2b1c07d1d5b04c81

      SHA256

      399052f8bf3f0a69fee5bd83bfc344a43da4a38714646acb5ad38210ba1d1ba3

      SHA512

      fbadd683a45334fa8fda3a3cbdc4cbf55aa593e0ed63c162af74224c517ae552aa05cec6f2faa356343f9e330e81db31125072a77336ded3de0ef37d133b3f72

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b71bbfd1f302add7d65817bd6d610ff4

      SHA1

      ffa264288bfcfff151c29bb1c2fe90e25a5857ef

      SHA256

      c34e6c91e3467b767d5973a8157917a17d1024d7f3af2dcd5382db058d7b4bac

      SHA512

      8eeab377b28dafbce7fd6ef8eb17ec476642a9a2d9028ec3ad7f66c8b82a144d6915197eee5819c3515db4820d289235a31580742ab7849db0346daaaf7ae063

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ee4a0fc0a3a80a8d95a1f9eee3a4e6d1

      SHA1

      7c968cd7f0fcbc7277dda5a8673ad6b0c7869875

      SHA256

      336abd2af2ad7cb248e8a95ea66b0b7b400ed0e45cfaab3da395dc4490abc460

      SHA512

      07f301b4a3d25ba872f4ffd507fbdb84cbaa02de5e6a35ec5e3b957ec59f0cb48eeb0146678226ad1cadad8d50a1ed1daf391b486294fe6e6fed2cf922143e63

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab80B6.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9291.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/3068-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3068-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/3068-8-0x0000000000610000-0x0000000000612000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3068-4-0x00000000005F0000-0x000000000060B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/3068-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/3068-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3068-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download