General

  • Target

    4d204f8deac4bf89d6c102b2001bd957_JaffaCakes118

  • Size

    203KB

  • Sample

    240516-1f9v7shf46

  • MD5

    4d204f8deac4bf89d6c102b2001bd957

  • SHA1

    5f4b519e1cc4e5d87c8efbf91644932b154b3a6b

  • SHA256

    b27280262a19d757ad865d4985f761607487c73d6690340b66cb4f86fece74ca

  • SHA512

    daa46d58ddcd729d7fc4f1dab069e0ca8de802bdd3fca338fd5034d8626bf4703e8b12e8193110f5c6854e146f163e9644b588df25ec9da440b03404eb346aa4

  • SSDEEP

    3072:9lji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Jdp4uPZzGonqXGXh0bluBc4GZ5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      4d204f8deac4bf89d6c102b2001bd957_JaffaCakes118

    • Size

      203KB

    • MD5

      4d204f8deac4bf89d6c102b2001bd957

    • SHA1

      5f4b519e1cc4e5d87c8efbf91644932b154b3a6b

    • SHA256

      b27280262a19d757ad865d4985f761607487c73d6690340b66cb4f86fece74ca

    • SHA512

      daa46d58ddcd729d7fc4f1dab069e0ca8de802bdd3fca338fd5034d8626bf4703e8b12e8193110f5c6854e146f163e9644b588df25ec9da440b03404eb346aa4

    • SSDEEP

      3072:9lji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Jdp4uPZzGonqXGXh0bluBc4GZ5

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks