General

  • Target

    4ed50bf68ad482ea7f07d55b25049687_JaffaCakes118

  • Size

    354KB

  • Sample

    240517-hcc3yseb37

  • MD5

    4ed50bf68ad482ea7f07d55b25049687

  • SHA1

    1993bc0ce78744f35444760b073806d5b97bd35b

  • SHA256

    a9b3d32ed9f73a4cf67f5619c9d5820bb252cf1ee105868e2a85b551dcd88aa2

  • SHA512

    6cbd5312a908b1b6c2a68fa937921a47075117bd6f751eb96640eb24a4bc5b175f7615eaa1fd0e5630da59331ac776e205e8e5a343f8d85a0704837a0c706a73

  • SSDEEP

    6144:jQp7pQMOtvhiNyVyZHbzU5/JMi+xLus/AWQB9X:+pWhcyIZHnU5RPu4B9X

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3177

C2

wgcjeremy11.band

skelsigabriella.fun

xelectauishanie.email

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks