General

  • Target

    4437181d49e96f3274f19f142a5718a1_JaffaCakes118

  • Size

    203KB

  • Sample

    240515-c5t92sdd3w

  • MD5

    4437181d49e96f3274f19f142a5718a1

  • SHA1

    4c95f579dccc69282090f4ddc89cd73c7aa22b47

  • SHA256

    419550a6e4d323506dac1a43c9cf40cf019b3965354e711f253afef12fd57fa6

  • SHA512

    53c41e6be9c13df149b8ea19864e32945c96cf1d1adf4cc32a33e7af81699595f4072bc3a538ff686d06697f5f6071101b91891db052b2f0feb400138b501564

  • SSDEEP

    3072:9Vji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:95dp4uPZzGonqXGXh0bluBc4GZ5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      4437181d49e96f3274f19f142a5718a1_JaffaCakes118

    • Size

      203KB

    • MD5

      4437181d49e96f3274f19f142a5718a1

    • SHA1

      4c95f579dccc69282090f4ddc89cd73c7aa22b47

    • SHA256

      419550a6e4d323506dac1a43c9cf40cf019b3965354e711f253afef12fd57fa6

    • SHA512

      53c41e6be9c13df149b8ea19864e32945c96cf1d1adf4cc32a33e7af81699595f4072bc3a538ff686d06697f5f6071101b91891db052b2f0feb400138b501564

    • SSDEEP

      3072:9Vji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:95dp4uPZzGonqXGXh0bluBc4GZ5

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks