Overview

overview

10

Static

static

3

591a3d2238...18.exe

windows7-x64

10

591a3d2238...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19-05-2024 06:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    591a3d2238c8d37711181d2c118cc9b1_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    591a3d2238c8d37711181d2c118cc9b1

  • SHA1

    979de11fb7d1ee31a7f39a6275ab9e5f98bcee32

  • SHA256

    109ced53fd27efac18e0b6934e9f50182f18ff0dcc505abcb65ead3da1e19f02

  • SHA512

    78a58e0d98fdb9d89b08d6dd835390882b3058c523fe65b519a4450a5284921bb1ff9a0251b0ab52a44616ca7fdec73e4a150cbce79871877e62aee7f108197a

  • SSDEEP

    49152:4SuE34trqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L30qPKIOson6Cslny8WR6wOHstehsC7

Score
10/10
gozi3184bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\591a3d2238c8d37711181d2c118cc9b1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\591a3d2238c8d37711181d2c118cc9b1_JaffaCakes118.exe"
    1⤵
      PID:2108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2476

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9db1c2f624ee63f751195dfe62afd791

      SHA1

      65b55bd3dd272f58f28648e7f1d2fd386f0c1b43

      SHA256

      ea04da665bd86fec611f2eb091f55a93ba69f67da999d70eb7ceec525ce9254e

      SHA512

      21f12962146a1fe0d0616951ce40701bf7457234272caed593477f1e19663a4aaca391ba449484d08d256e28158d44fa8db297ce7c51b880b124e8e2a7d66082

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      73bd70d7cbc041c66049e83e1a65ce34

      SHA1

      2b5dd7eb8bbd3f711502f17403bb80389e763840

      SHA256

      7b1a78c5799ebabbf466b864661f837d6bcb5091f1f9f70a96c78ba5698cad5d

      SHA512

      58fc40f134b83163f9b1ca3835d122a1fe3434c5db17ec2ffe910d75bebc22d4b44a7ad3c02fc4fe816acdc85e607105a90c059fedf2c7063590cafc556a8bf2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2b4d0d6f3a8a6a55e6548bf0faa62487

      SHA1

      0c22543c50eb5a247fee598d7955b519894b8a3e

      SHA256

      2044be02a061d9e1574184998c6f9614e549c1cc5732747cf660cd0d44d52c31

      SHA512

      4f6d1ac5ea8a85e4c8cd9018937c5514f15b6e5c40983435cb7b44cd20df8abcab20b052c0ab8170a7662928d0af82a339bf5ffa5b254096a8a86e39f0feac12

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43695864c16654fcbfa1c77fd92c800b

      SHA1

      0689db0ca116f834189b75f8f0feb4b8028639b8

      SHA256

      68e7ab3b195df15d8aa92edfa6fa13cb204340e81ab055100fdc5049408b568a

      SHA512

      573666a9d6b976ad4a7aed892c0e44e301da895d6b20a3433a9f0b5bdc2d48195089f06dbbd1afe0b1c1fb51306763eedf26e8a575abc092748f65fea9588538

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      108605576c0a4fd32dae12d8ddc28dec

      SHA1

      d531fdbbef4c8c1c4a0edadb215fb1acdbdaf304

      SHA256

      fbdf0e7199d83a3966813cc23a044cc54b30897007ff54daa42b3bc9f05c9dfd

      SHA512

      e572f80e856aed36d9f12feccfa6ff5a13e36c0c9ded9d7c57b0355733034c68b47c0ddc490ac4a4e05011cc19cabc2d7387e5cce9fde36a9313f01048f8df62

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f690fa3c7b4c8f15028f2cd3063946ca

      SHA1

      fcd895c5e1511ae98e90af96c20bf0065f0aa614

      SHA256

      d8200cb89a96fae037a991ddb493cf5c9b91b8300b12e9f0d1b8cdd1c69132d2

      SHA512

      81dcd905a63bfc57460215fcba6cc8ec30d1db070c383958b390f85ae6c03dee3a249dd78760443043401586155f923347444686a819850346b8bdbbda9ef8bd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      439c74807be34faa74888ecee58053e7

      SHA1

      657307f7681d7e2b7a350f467f32940e47c8b337

      SHA256

      63795936e1cfa1121f86ad89819156955c8c35409d316609b8a5529d2a8f6ac9

      SHA512

      4276de971fa56ef39cb7f8ac8a4746ee739f9bb59b63990ece5892620fddedfc79e214a9c8219d1e5196e47d8037c64ec209eefed7a224866b2b3b7fb3108547

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03c1cd5871aa403b725907fc6917bbed

      SHA1

      467e2d2bff492150447ef1f0ebfd5725d3e916ca

      SHA256

      393ce974540f15a55cf5b2539c2f67332a8489540ae8693c779ec4e560df03f3

      SHA512

      cb7ea89a907b5b92b7f2cec392e30082cfaa610b6e4dfb05eaeece915c91adeaafa9a3253c2c53b0b7a4f6209f43bb9d0cfa468201770cbb486678f6a91130f6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b955e5b6e56eb9bf5e758a1664ebb482

      SHA1

      0fc2321013d46bf23db6b45de379924ba5afbef7

      SHA256

      a5aea6c4aa7317119744414458893ac984a41dca6b15e8df798b26b3148240c3

      SHA512

      2dcbd502790c381dc889df18f64b7d9765a654629dd264feed8ae522a7e1629d70a1ae3fb86441372e68958b0582ce64ea188086875801141c27a495ff069aa9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA595.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA677.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2108-14-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2108-0-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2108-5-0x00000000007A0000-0x00000000007BB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2108-3-0x000000000058F000-0x0000000000594000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2108-1-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2108-4-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2108-8-0x00000000008A0000-0x00000000008A2000-memory.dmp
      Filesize

      8KB

      Download