Overview

overview

10

Static

static

3

5879928083...18.exe

windows7-x64

10

5879928083...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5879928083a5e6933c6c78e956dcc9ad_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    5879928083a5e6933c6c78e956dcc9ad

  • SHA1

    9be20730dbdc48c7a12d0a17ac5ef7713e4a734d

  • SHA256

    de4a594889ab5d72e6f296f966d41a303a449c7e64bb56fae036cbaca727f2c5

  • SHA512

    d84a746647bc8f8eb520441c1866e21a3f152218d8a13a00d662ef0af6d78f75139158af61c9effede72505f95db1542220e6b73d127cab89c485e9bc70af09c

  • SSDEEP

    6144:ZVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:ZVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5879928083a5e6933c6c78e956dcc9ad_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5879928083a5e6933c6c78e956dcc9ad_JaffaCakes118.exe"
    1⤵
      PID:2316
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ce99be62755efc41a739edd4dbc1a09

      SHA1

      51fd5f07ba6b85df1830a00f5d65ed896a233a6c

      SHA256

      8766557f2e535216cdacada8bce959993e06649748e36005c74ce22ba9b47061

      SHA512

      f9af0940496befe10676d8e662ab5d6f514782326817498f8cb0e0c61064289705678e34dd4a5af9350d6f1a506ff241c39b2a2b99d5695d7c0d085ea2a7ab02

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de2ac799df74c467f47503493fc267af

      SHA1

      381f37313988ba90c6dd7306cae0ad7a5ce3e992

      SHA256

      1316d312d7510ebcb56fa5d8985ff90c0ca2a17fd71109120d8853687beecac5

      SHA512

      292506f18fa8cf110c76e6b9dd383aa1e0b562c7f846fcdc4423998d44fa157e0c43c50e7110c7a1a8b81cc19aaeb4ce8ac848b05e8dbb2422dad3f1cac246dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      62379a21cce04a311e9dd1213c5477fb

      SHA1

      dcfc8208a971ca6b2a33c8d7ba208ccf9609b5a2

      SHA256

      cc5bb9c137bc19524bda9cf64266608f0409bc32d6035304ce706d932226ff7d

      SHA512

      6695c7d0b6a4d2a7d1401078d1357fd44dc67e83c142176ff8915f6c5f5ce2dbafafc305d3cf391aaa2c3e5a8385a21a3b85d1540ed24cb01cac8f4b13e8e0a3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a7cbad3980103386ecaa319249d738f3

      SHA1

      dc4da6c4db0f542649d9aa1210514fe60378e315

      SHA256

      3b4ac98e3c3b5fd91b126eb54335f50e6f0569f396be591ff8a23d523f7cce5e

      SHA512

      5da97d63b1202d5efba22c555d25b7454a76c2d36fd378e17deec4c9efa5d3194441fe04373a05f8d14f2320404d9cb7f0d9663a8fbb073049725c59b296ba11

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0fc49245a897d9c52545a4e8a5d0e4be

      SHA1

      60157ea8a7170859d883ed5dd9bba6c98fb4dfa4

      SHA256

      5a9ff3eb751a800fd80413efc5d810cbab0755972df593b0fda311bde209b3c5

      SHA512

      51421c8361e4761104dc7be55ecfe568872d0564e5a549394c5bc294e06c40c4b45b62ccf65b2484bb85bb261121a5746676ac5e5c4955cb3d7dd7273af022cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6e7a6c75aa94c5e1ab176833da661426

      SHA1

      80fe8094433dc99e154a3a72060f2fd4a7945f84

      SHA256

      fb3a6c70891236e0016b3c282e10dcd31ba58e8b371c7a297413b9de695c422a

      SHA512

      90cb1af6df5fd0eda0d2420eb420c692ab832134d6ff636ceb0693bfb3ceac95de9e08d57d461c92159abecf4de608f903e0c59274afb9e1daf1a926b7541e64

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de6ba109fb35917f9be2f5635b14316c

      SHA1

      545d01f65698bc8422169002377e1b817402cfd0

      SHA256

      41d022497da8b78bc199bffcf6736200fc159496ec30184950fd2e00858051b6

      SHA512

      ed7c85ad2b45bbf28609728f25e6ee112fc6848ab7ecb760e62f2ac7b43da1ab737db62225cfd9457c17d434414983eabea6b0e4262d161c87e210f7bce5a3af

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2c0673a7e30b3716fe7b4ef1afb62f86

      SHA1

      423f0c29a5c3d5b8833698bcbb212ee3a9c8adcd

      SHA256

      ea9c58a1a24a0c98eedeb723ec2e337debf3c6033ace187171e9ed9a4076e871

      SHA512

      c4d07526cfe24713779fc203210dfa56db27d66c4095c16c49fe182a16470f985a407411aa106fe5e7dc825b1463b6d3f557a9a28ae7f42af71b4734c0ceaf9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dce64d725f80ac01fa86fc4ebb27a981

      SHA1

      aea6dd355a80499720d893031a3ef80b0ac3008a

      SHA256

      093089c434fcca1ea5f8ff2614b5090f5d18ac2cafa5e0db532b51c9d55ad09e

      SHA512

      0e6b83a7d8a8f09f5308adb501a652d0198010c98cf9bd5b38569ab5d299c8f1ccd0491d38f8d8de86103f2cc7e19c3b8aba2d827e0154b6c1af736dd104cd0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab84AB.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar857F.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/2316-0-0x0000000000C80000-0x0000000000CD3000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2316-6-0x0000000000160000-0x0000000000162000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2316-2-0x0000000000120000-0x000000000013B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2316-1-0x00000000000F0000-0x00000000000F1000-memory.dmp

      Filesize

      4KB

      Download