Analysis
max time kernel: 150s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-05-2024 17:41
Static task: static1
Behavioral task: behavioral1
Sample: 474adcbbd56545e775b13d1ea3048d10_JaffaCakes118.exe
Resource: win7-20240508-en
General
Target: 474adcbbd56545e775b13d1ea3048d10_JaffaCakes118.exe
Size: 299KB
MD5: 474adcbbd56545e775b13d1ea3048d10
SHA1: c5507feb50d4ad3a60807fb6942317838b7f3a56
SHA256: 64d01ed1bbe05ae4ca42b4e3437fd4bad69febf0637da7f4ede9c889bb1eaf34
SHA512: b833ea8bd93a33a147c6dc9448123a0500c026c7775367cb813b08c64d653c187f17464d5805965a2ff89fa9c9282e372f61ab10814d1fea3949f49b374c0d36
SSDEEP: 3072:RcV9NdB2RYNiHB0F7yZCSOm6g4zM6EXustQKu:6ndB20iHBlYSF6fM6EXVQK
Malware Config
Extracted
Family: gozi
Version: 2000
C2:
ax.ikobut.at/webstore
beetfeetlife.bit/webstore
foo.avaregio.at/webstore
api.hamanana.at/webstore
api.ikobut.at/webstore
supp.zapkopw.at/webstore
cdn.avaregio.at/webstore
build: 217061
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
dns_servers:
exe_type: loader
server_id: 550
Extracted
Family: gozi
build: 217061
Signatures
Unexpected DNS network traffic destination (16 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.