Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-05-2024 20:25

General

  • Target

    515699b64c0e719d2fbbc228b1a8c1ab_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    515699b64c0e719d2fbbc228b1a8c1ab

  • SHA1

    bc56ae02b864b4870ee0be5ee3680f5bb4bb26a9

  • SHA256

    ca29eb42bd3c31bfe856e3aded778cf4bdeb65130e8780f1c0ecd58a2f7ca4d5

  • SHA512

    064e7728258ee719132b7fc4f2767ae141354ac589bc5c2c208b161879b0b43cc2f783c294f3cc1014d1b2bc26286792eadb132e5fc3e77225ef3a26dc955ff9

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0S2L6BWnqR+yV:BHXDy1qVvZnOe/HEyo1WGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
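
The dga_* attributes above are the inputs to a text-seeded word-list DGA: the bot fetches a public text (dga_base_url), mixes a per-build constant (dga_crc) with a date window whose length is dga_season, and builds domains from words of that text under the configured TLDs. The script below is an added illustration of that structure, not Gozi's real generator and not code from this report: the date windowing, the LCG mixer constants, word-length limits and word counts are assumptions chosen for the example, the base text is a short constructed excerpt of the public-domain usdeclar.txt, and the domains it prints are not indicators for this family.

```python
import re
import zlib
from datetime import date

# Constructed excerpt of the public-domain text that dga_base_url points at
# (constitution.org/usdeclar.txt). Embedded so the example runs offline.
BASE_TEXT = """When in the Course of human events, it becomes necessary for one
people to dissolve the political bands which have connected them with another,
and to assume among the powers of the earth, the separate and equal station to
which the Laws of Nature and of Nature's God entitle them, a decent respect to
the opinions of mankind requires that they should declare the causes which
impel them to the separation."""

# Values copied from the extracted config in this report.
DGA_CRC = 0x4EB7D2CA
DGA_SEASON = 10
DGA_TLDS = ["com", "ru", "org"]


def word_list(text, min_len=3, max_len=8):
    # Lowercase alphabetic words of domain-label-friendly length, first
    # occurrence order, duplicates dropped so every index maps to one word.
    # The length limits are an assumption of this example.
    seen = []
    for w in re.findall(r"[A-Za-z]+", text):
        w = w.lower()
        if min_len <= len(w) <= max_len and w not in seen:
            seen.append(w)
    return seen


def season_index(day, season_days=DGA_SEASON):
    # Assumption: one seed per window of `season_days` calendar days, so every
    # domain set is valid for that window and then rotates.
    return day.toordinal() // season_days


def lcg(seed):
    # Assumption: a 32-bit LCG (Numerical Recipes constants) as the mixer.
    while True:
        seed = (seed * 1664525 + 1013904223) & 0xFFFFFFFF
        yield seed


def generate(day, text=BASE_TEXT, crc=DGA_CRC, tlds=DGA_TLDS, count=8):
    # Seed = date window XOR per-build constant, run through CRC32 so that
    # neighbouring windows do not yield neighbouring streams.
    words = word_list(text)
    seed = (season_index(day) ^ crc) & 0xFFFFFFFF
    rng = lcg(zlib.crc32(seed.to_bytes(4, "little")))
    domains = []
    for _ in range(count):
        n_words = 2 + next(rng) % 2  # two or three words per label
        label = "".join(words[next(rng) % len(words)] for _ in range(n_words))
        domains.append(f"{label}.{tlds[next(rng) % len(tlds)]}")
    return domains


if __name__ == "__main__":
    for d in generate(date(2024, 5, 17)):
        print(d)
```

The defensive point the example makes is that the three hard-coded C2 domains are only the first tier; with a word-list DGA the bot has a fresh, dictionary-looking domain set every window, so a blocklist built from this report ages out quickly. Detection of the seed fetch itself (a request for constitution.org/usdeclar.txt from a process that is not a browser) and of bursts of NXDOMAIN answers for multi-word labels under the configured TLDs is more durable than the individual domains.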

Signatures

  • Gozi

    Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; the extracted config marks this sample as the loader stage (exe_type: loader).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\515699b64c0e719d2fbbc228b1a8c1ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\515699b64c0e719d2fbbc228b1a8c1ab_JaffaCakes118.exe"
    1⤵
      PID:1284
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2268

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8cdd1b3251435fe22c59fac762cba8bc

      SHA1

      e3908b452f83dded6ca8caec7ce0be5bf3436fa6

      SHA256

      06b17fe25f3625ee195772b8001165b5dc8538a6fd738169f2d71943a77398ed

      SHA512

      b1e183b860a69508fe58cda333c6a47a89fe59a76e9e509c726afcdb9fd79faec3010afa1e3285c715a02ec8a6adb50d0eb93c22e7ec268117f3fe636812dde3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52a709b09b32d727cf83c2516704d5e3

      SHA1

      53bb83750811cffcba640fe2b13455fb9df1b6d1

      SHA256

      ed933d43a50faa994815691ce9037d3e4db677dc49bd75ffe200fb632235ea6b

      SHA512

      358df1f80040b6771885b88f8bc5384049d9cd6ed8614d78330779383e58db116e4a4d9757615146632bede0865f4e0fef8939955b12601cb536fa35121b4ac4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e4974dc50a7faa61786468c2781f9ad

      SHA1

      ecc1ebd8eeb845670c750115db72d49f0250ebc6

      SHA256

      e43029d2b850ab2968382ddc3182dc98936ee4bac7df73f6286bb036ea1fc01d

      SHA512

      9fb6a5fb148c5e04bbd17bf3fa383875bec37517f84a22560dcf8b56a18dc2351aa3a59ec540c7e52ec2ee50f8104fede08f2ac9347f4672fc4c8dc0fe16ca71

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ed51bba5a9603e3ba753e94b918689c4

      SHA1

      ec1456aa2d1375bc25ae04112fe16158529b695f

      SHA256

      5b81637ce1962cb828a292e980538062f2351c27933ef7dad6c010fc846823db

      SHA512

      6a2a2f69ca3579c974ada1f47a0fcf924d845cba7b5a72fd0e57563e740a9403947f0af55e3b330c4e5fa4e6b22e4553b612f23b6bf0a8e300361cf916a54aac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a2b85fd23d4f8f7394aa5392925a888

      SHA1

      64637f900cc4d9440b39f76545479788d48f00c2

      SHA256

      f58d118e019059bbd9c518477e9ea3d8f54d9fb22d03bb58a2185741a82212f5

      SHA512

      83b913474a92fe403ea7a58b254cca70e9e38f9b6499fa585ea4914dd1c60fb81e9a3668738dbcb23f940e4ff0a0199d4c2df4d9c204ce53682e412ddb6f6987

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      062ff45889509e44e469e12aaacd8aa6

      SHA1

      c791ac4175ce4edbd17c058d50cfca639ea8de14

      SHA256

      50be25e8b772241570cf5c6ea2fa2acf5b7a4dd825455bb49e10d334316566c8

      SHA512

      5eeea9794a03825c295b48f7a0a46cdcc95fbd9d587d2532ad4e47cf75a37d5b2b7959f238fb3f5b669e91c2d1172773f62829d1dcf29c0876c9c839e29760d9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a9148913832f7ff8472fd28bbf465c2e

      SHA1

      c4cce22d4d84fa96a8e1f2dd03f438a68b4fcabe

      SHA256

      92bd3b723f59d96c5543fbc348063498ae016366cf1f9db21132443494f9e21d

      SHA512

      45ef98d70531aa6e21e8d76af3992a0a7549080805365325b88ac4cdee5a9d4f0c2c2d361afc84e8096d0a551e5d999ca7e6957e4b4ddfebf37863a101e232ee

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      16ea3b94a4c0b5ee715739069719a8e4

      SHA1

      cc6f368550c7b27350fc23d99dd8965ec9497808

      SHA256

      6dcd7f908bfb8e653ff61f2c13e686995a01fd4f180f17d896cbaa708fba223b

      SHA512

      77bf885f739af249072d36c60bd77f7f0c5b630f5394eac327b967b35ecfdd374a81d56284c9fa95d0e1d77207f2efd96377e4d991be69021fd360352a1e206e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a592734ca07973dfea3bfb95488214c7

      SHA1

      0acce57240c924d06b12a99cbb8b6f18365315ad

      SHA256

      993b4370c471d8fc32cfb4f4b4db4c4733659f741ee5b2a1c5b141fc07d63b38

      SHA512

      7238aaca76ba76205a33b348210bb1c91774455f3be61c786058ee2e1ff5eb6f3adc6abb0909e21b3be8ea45c55656dd28e9013c2f3ea0fcbeed124f1812de06

    • C:\Users\Admin\AppData\Local\Temp\CabBBA3.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\TarBC05.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • memory/1284-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/1284-11-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

    • memory/1284-5-0x0000000000320000-0x0000000000322000-memory.dmp
      Filesize

      8KB

    • memory/1284-1-0x00000000002E0000-0x00000000002FB000-memory.dmp
      Filesize

      108KB