Overview

overview

10

Static

static

3

45df54dcd3...18.exe

windows7-x64

10

45df54dcd3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45df54dcd3b9eb265605f2f545358f69_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    45df54dcd3b9eb265605f2f545358f69

  • SHA1

    7445fbde47de0897c4da5fa9fbd8db254dadb7d5

  • SHA256

    510d38f1cbd7e373da4b13981cd31670c427998ade88de8804fd36cedad2e2cb

  • SHA512

    61d2d7c464f9452c6828e67121f1d44a603ed243bbf384a6a4f57a53ae2e965e017c95490c11a8e4003d1385efee19b924f5bc86333a93a19661baab6b3b8e1b

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0r2L6BWnqR+yV:BHXDy1qVvZnOe/HEyouWGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45df54dcd3b9eb265605f2f545358f69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45df54dcd3b9eb265605f2f545358f69_JaffaCakes118.exe"
    1⤵
      PID:2308
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c3f244c9e93c89e3d4937e0a221324c

      SHA1

      98c6ef1301176c2dd358e801d625e2d3ea3ccd05

      SHA256

      1efe13397cba259691e05b94e0d096b67f1c7607e64f8d8aa5d8bb8d121bee7a

      SHA512

      f9d15366f3b98796925f0e468e999499bed0de7c5a0810864f09626550cfb384c54ac880005eae9ae25317d9fd5e7fd91b91d78bc6c8f1340269631bd9bc9a51

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6eb7d85d3b757e672e50cbf5b8d3d992

      SHA1

      b1e333b3a8620eea62730931a2729b355c6189c1

      SHA256

      15b64ff27052fb9558f64511155153e672edb2242d6b97ee2ff2b64826dcfd95

      SHA512

      a4d5b762c0a137695eb5122e2aba5707f7513a0e1ed90f4d273af212f8298870da5cd21498eb8c2e84c0f10d27c842660c6cfbe8f45be6203bfe381a428747bd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a5b15e75d6bf347d9d6fd7382b5f56ae

      SHA1

      10d401f0efd2d2ca60b667d7d8a8931c51690a7f

      SHA256

      e55770fed1ed1be2731440ca9cc84f62e02588cdf4b971dc2922984ddaa0c720

      SHA512

      658f35910e384017f6641f312a8ce0906667569d8d8630e493c8a4dacf0a4dae996ae87580d499061a0c276358ec1539ec07623c6cdc12a2a2ce3f30a2e9c696

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      68d98535b7b8db73612703a3904e66c0

      SHA1

      8e739e9aff8a066d21e6a1bf3fa03fcf32862067

      SHA256

      ea46ea3ed1f4ee4555e63ca94c2624c3455c0046fe66cc5996ea0e56e12b2810

      SHA512

      6672804fad461a72a46ca0e80c50bcd9fa95cb10babac2c2ceea6f3e78e298e9011cc30012108044e2c91427d62fb07523a8704120189f1c2aaa0d97bee0563d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9d879d9539c7721d3b1ad808a683ec0

      SHA1

      1f2dc1251bf2901e724218ec5b271adcf8b91561

      SHA256

      7b574a59af710acb551f797493cdcac3ed56ba90c8effe3329c00de13694b95b

      SHA512

      e589adacb4da2f61e2abc8ae02373f7aa9c5dc4871d30f11bb518cf4277186da0a3e01f444445bb9c5cb4762b509a7c02744d6240a3ed0743048a673aadeb462

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fda2ab10335e8d2e0e0e4f1e47d1e551

      SHA1

      bfd0cb54775785f28cdfa97ee720811c621a5b15

      SHA256

      b6f0a70c2a191b0fd5e11811f934b1aad2a3642cd3214b1cb73b0616dc3bab18

      SHA512

      219b783bfb95d7ec9a9ff0614e0364f1edfe2d400b4e9975bfc4e9b3921030062e4e1f5362eb3ef9ce7ebccd1be6647af87af75febe5877d344da6485d13b479

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9b7cdf404b8062b7bdc5ff1576339d48

      SHA1

      368ba955c3190a17b9701a81868a800a43cb0084

      SHA256

      ff4adec7a928872327f17aaaed71413f7a7a4974c3fd990fde70b34738568de2

      SHA512

      85e02d22a05e44c4bd2754f86004f6710be8607b36c22f66d5c50f232958bc7f9f19ce0e8d13c9db6a5b4b9b27a81c429abb917bbc6fe9a9f020114d91e8066d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f449d53f0a8e1d77e46d9755c33a707

      SHA1

      ffed638da0dcf0521b3baad3a16fe163fbcd666f

      SHA256

      2fb1fe626d955421def523b6bfa8e9749236ba0135ec0182395dee713518218b

      SHA512

      aa5277984372a4f657c681a707996a97e767b10e8862a50e8f1889097bb4e35c901c534566c51bd552c36c5034f194ab7a6284f2f2dd21095a82711c34f0706f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      201e9110f5ab4f649b7dc76ba8cfcc05

      SHA1

      fe9f4167e3c201ba791a4d769561cd97a786bc96

      SHA256

      47fb30be4b4f85bd17fe659445e58aa8c809e61ebab2814af2a77a052714bd72

      SHA512

      e4d5c8a07659d684992c7e7603617ba6da8706feac0be9dd92af50285d4d32ba30bbc0e225b4f5ce7096f36cfc5c52c64af2d5aed905b2369542aebabd0d47aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9426.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9519.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2308-6-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2308-2-0x0000000000260000-0x000000000027B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2308-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2308-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

      Download