Overview

overview

10

Static

static

3

4d204f8dea...18.exe

windows7-x64

10

4d204f8dea...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d204f8deac4bf89d6c102b2001bd957_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    4d204f8deac4bf89d6c102b2001bd957

  • SHA1

    5f4b519e1cc4e5d87c8efbf91644932b154b3a6b

  • SHA256

    b27280262a19d757ad865d4985f761607487c73d6690340b66cb4f86fece74ca

  • SHA512

    daa46d58ddcd729d7fc4f1dab069e0ca8de802bdd3fca338fd5034d8626bf4703e8b12e8193110f5c6854e146f163e9644b588df25ec9da440b03404eb346aa4

  • SSDEEP

    3072:9lji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Jdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d204f8deac4bf89d6c102b2001bd957_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4d204f8deac4bf89d6c102b2001bd957_JaffaCakes118.exe"
    1⤵
      PID:2368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6e43d75242d26af50d8f76fe2bc7390e

      SHA1

      c5b53b1408fad2c853cbf5da96fa8142174f68f2

      SHA256

      9812b0b289544d96aeda47c2411abd087da07a7d62663343e52fdc7af1f2db04

      SHA512

      58729e5e8e2922c60d636a759a6ab6ec21bf03643581d089abdb78569c4ad2e62b455c0bb59d88ba5ad243136ef009c450247d0a928ccca5ed762f7fe6ec6121

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      faa22fae7a0d8de09ab7dc161bd2e34e

      SHA1

      242641d577e7a7b494ab87dcecc2be37d2d1c544

      SHA256

      b9e2b56de89660881d75317b1e698b7cd3cfc18f12dc0438f162aff2389af518

      SHA512

      5a29f33358072fa671d20819bbfc2455935c8c08df2c95c8c487bcca4a0a7d7a08a5f97ac513d3ba30d5bb240749e0501660eb7801e01d4fcb556d7d1165c46d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7b5af0b5b627f8092453da59855df942

      SHA1

      5a46d0264627da60dcdd014a179125954f54e049

      SHA256

      899ef1527e481a73d188361aed4da05460272e0b16c189d73856954d782bb9b8

      SHA512

      4ec2b1b0a574402c17962006408321037f657ea2e018247c09241cedba29ef697a3466738bff691b1e890d209d59086a7f2b198db5d37ee554ac33624902e42c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a422338a57997565817b9687c8118def

      SHA1

      de34afc73f5b68f3e3b39d818ec05baca151321b

      SHA256

      f91e8d178dab30fe59624b8c1f112c9c7e2bafe1453e8a0bcc70939c41e0bd37

      SHA512

      2611ac7d512e5710e31974aceaa2d8cac498d2a32a3ffec16e38f6d105f5a6690fd2b9f2cd9257b16101f06d14641797ec38d1c7ee9d54ff5657bdffde9f7485

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e8dfe3c93663ec8691b3fdd5c259dd15

      SHA1

      d744a9e2bd043e414553016b45640bc40f40f315

      SHA256

      e774485926aa222f3cb1d2bdc211bada00d459fe81ce447317ef3249833cc394

      SHA512

      9165e20125c20aa81ecc5ffa03ad0f3cf394f69006ca119db282d0c5cd7cdd8cb6586d0aab0c720d4e91b05d34bcbf952d33a56d2dfcd6f368a9030044591443

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce48458f29d09731ae9ed53840a67531

      SHA1

      a4ba9aa128328e341035f48260dcdb882e79b0bf

      SHA256

      4482a03ac31163accc8b5130fd0b38fa7a673414954bd76a79ab20cce48cd057

      SHA512

      ad7aa2ce5cb70f21c0a4a5e4df78cf6b99c875b060292497ca1e85f6301e26a759b1b97b55ccc04c2ceedf5387c00702661fb518cb787424bf956d6762fa06ad

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1bcbaad21c2245b473af144d3559f8df

      SHA1

      1c984408d90ad52a241284d14b5f7d3d1152a3e4

      SHA256

      46267537a244e07e0eef3478b9c137fddbc1d23d943f81c012b7c6150cc9dcb0

      SHA512

      ee682fee6cf9de0141ea3b9494bfc3f349fb3e81092f41a695e7b543383f6750dfcea9927c8938e42ba5c1a8bf99070d2c312ee27bad88f2785b44fffcca50f0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b75a32b9697e06277c8323febcda8e5a

      SHA1

      6d4bf015ff7b99d34c066c853273293aa4d40f18

      SHA256

      d36f6d5fdf687e04570b058818afc03ab4894139ab46d808c19f514194d1b70c

      SHA512

      aacf05499b40c9e2f0dc197c68645d998c7f8ef7cb4b9e09e6607ca23f8d7de9b3e4caa7e6e611d684b1d7adc662365fc60cff39091cb5d5fb9f51acda7bb021

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cc446f7be8e667a5c8fc0d4a57778e5c

      SHA1

      cd410dfbc22619b21384ca1dc55b1ade65bdda31

      SHA256

      87ad0070708c31a926e74d146d3863ef2884267a2e5e3f5fa643c30351f4edd0

      SHA512

      63d8588b16d2c547949aa61df3453cf639789b57fe9f0ec7ce741e78a9f8b302e93053a9e9a4ac8b797a5610679fcb5f74027b9652afd3aeaf1c183d0261ecce

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA5C2.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA5D5.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2368-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2368-18-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2368-7-0x0000000000490000-0x0000000000492000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2368-3-0x0000000000300000-0x000000000031B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2368-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2368-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download