Overview

overview

10

Static

static

3

4c8b4c34d5...18.exe

windows7-x64

10

4c8b4c34d5...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c8b4c34d5035beca0d8681e9829d573_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    4c8b4c34d5035beca0d8681e9829d573

  • SHA1

    c6e923ab7b8ce7c58bf3b7fd4fa57fb2730811b8

  • SHA256

    7fef19599fb5cbaf9f6ae51e480035b7318585822ea405e7d9a1547edcfbf32a

  • SHA512

    61ba7ae7f3f5c9f1bf8723b308b8ff70f9fba01dcc0a078b80b32abb1912f1b0add6e8a2a87e5df68ccfe770569076aac12794dd9330f0558942d2990fc86de8

  • SSDEEP

    3072:9xji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9ldp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c8b4c34d5035beca0d8681e9829d573_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4c8b4c34d5035beca0d8681e9829d573_JaffaCakes118.exe"
    1⤵
      PID:1280
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2444

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b97ae0ae2afe6f5a10c1b059f4d332c0

      SHA1

      4dee12ae3e1d799f95ec025250cffd63d0565dfe

      SHA256

      19ab181564511073ba4bf8babaf5341878c7f800e1904114d07a52570806e9ee

      SHA512

      25cad050533a01161c55b5215b0c674907b3293f6f1e7cbf32445a0007fa32e270c6f0ccdb9f60bf18bd371f03eed9e0a38b0d9164a43f575f982a52b40a6ef1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      057392d37138edf10cd3bf125bc9e2ea

      SHA1

      033060c882c8561d506fcb5ba78e3e235645b9b6

      SHA256

      25eeff35c9ba543b13dca395ecc491fd436e9be4ea3d8b0273bfddc91495cdb2

      SHA512

      3702027bbb174ef3a31782b06ab35c3bb36b525bf3529f75ce03d5442b652ccdfb52049b18042535954e7403041c70ce901381e1cdfd9d26e6aee2c589dcc558

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5dfdf0a674dd9a13438b2fdc49fb5b1a

      SHA1

      91d615b76c2007171613e71f79442e2971e673c3

      SHA256

      b7e3628bb101a5e6749d1c027b2c4c1d066380fa55edb44607f87ac25163ac92

      SHA512

      19c609de2e4cf11e002b7c7c3ae51b391f0b69c591e46726d75519d18743fba6345ec4ad4288ecc5dd360bb8cf908f88a82a8ad6db45509b175e14317a304fe4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1978a5fb0f67f0ebce772cd66c36449

      SHA1

      e8e7d9daf1e611f374a725fac97d8949ec2c44f0

      SHA256

      ae9e4dda9d9d4f3e2f245d3a6023718a42b166e51bb7577bb208d8378ee6bcd7

      SHA512

      8fbe12f5e888c08dd69592fab05d09a5d7afc8d75d9f7f902f4c8de76bade45002e982648503b876850999fbb69ece20538bbbf9f1fd61979acec9bd4686bb9f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      300379d1e3148bbc82d584191b5eda3e

      SHA1

      bc5eec434c96e624f214707dedf4b9fb4c365918

      SHA256

      ac13d3285e40dd3c9d97cbf7c23cecb8b134bc0b893a980c5d6cb966641ef09c

      SHA512

      796c98b1775ed67948c2a02f782c4c7fbc3b166f1d331340af9bf48504822e9083aa06109b8a5f11b420228f4cf76686bd4b377eb171d9e27fbf534b2c73ff8f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9aaa28edb3d77fd4213417dc807e7a17

      SHA1

      c22c3ae965e954db2b383575ca8b3c9a13267083

      SHA256

      758d54b63c35241d379c26a89565e889d5588846e0d716122b371de040d93986

      SHA512

      776ce2a136c0d74040a8422180fa52da87e4d6499653d8881e88d7acd2e6cdeec8790152e733e67d26f691eb61aaff6daad5080ac15f2b6775fff2bb663d65b0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b08f59023c1f500e5924b2ecb09cba1

      SHA1

      0a0de986905c3afd8a5d169baa40fe91628aa966

      SHA256

      717cf7e4c542b063e911bf06c4b90e0f178fd84291463017b0f1b9e280c12fcb

      SHA512

      8d239bdc2ec08f6bb3ff3671440a796c191babc9d202f712dbe5cce286eb4d664d9cb7ed8fa6a668ff9a7de5bda685c27119f9cd858a9fc212fe26979eebedb7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      13a10ea486e95fb45526897b19b6a3da

      SHA1

      29f037d40e6aae5d77ebf161af2744be499227b5

      SHA256

      9fb8298c6b4565acc37ba269c9dc3de424604fd6914ba373066f9717cd8c9748

      SHA512

      a57b672639f117635e0d45f4e1b3f9de85cefdd9a5bd60f7a254741d704fd34e8e6ccd14c89eb1249898fcfb84bb1ebbe041eb5bd3fef0919bf8cef30cbf0a61

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab985B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab990A.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar985D.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar991E.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1280-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1280-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1280-7-0x0000000000480000-0x0000000000482000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1280-3-0x00000000002F0000-0x000000000030B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1280-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1280-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download