Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240419-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    19-05-2024 18:56

General

  • Target

    5aee524d478760de9d848a4a749ca805_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    5aee524d478760de9d848a4a749ca805

  • SHA1

    c009ec659d5bc86ae26fa229a574031a90287532

  • SHA256

    76a34f89dcee59fa04fd1e7b16391c0c09944c2c026dd67bc4fb408f38ad7a4d

  • SHA512

    c8d13fc8d3c6ba9dde83166177a57b4f469a6b78c7460438e007a6fd9122ede2c18cf4410bc31c79f9749bfccf609cd0c316e33658423ba6cda38b6f58651103

  • SSDEEP

    6144:QVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:QVfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5aee524d478760de9d848a4a749ca805_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5aee524d478760de9d848a4a749ca805_JaffaCakes118.exe"
    1⤵
      PID:1520
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3197c019202b4a88e3f600947d1b3597

      SHA1

      570b22e10651a675ef49b9d167a46afeefc79aeb

      SHA256

      83c0c5dd4687698d3005d9400e2e9c03fe9626e6f5bbe2d73f6e00c579214ace

      SHA512

      8d0c066a6625e90f7824557f4f4ece54cb39bd3eea10803affb271a781d484b9a3d6f14b736ed6f83c2f4d01143e8d09d0944aee1d54c4efed39c6772cfc7804

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      04d29ed1c4466c3ecb185043a630e368

      SHA1

      73ded062bfe93eda65a33d090e7ed8f074c604cc

      SHA256

      7e620964a83f4ecb27648e8c9e71e102a6e71d55c9724192b89f0cf5b9dc76df

      SHA512

      5e66ea5a9f5072c3e1c22fc2e2006e1ef91bc197da96cb6695b8c492b50ef865f438587ae020513fe02a1012ed492117d9c065fbf284eda0ddd3ca148f8cd633

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ccbbdb88b3680c751764691dd0d7969f

      SHA1

      4bcda629d2cf623b85b5042ab406104d71bdcec2

      SHA256

      8a400131dc7856386d2c7b710aa5639a168c34a84da72b0ebb8f02ed71cf9961

      SHA512

      428b9ec289490a5a548fdff3d119e4d5f79a6e3c75f684a357653aaa6d68d8c9484a78f4e8af91a767eff06f08ea13bde0761f1644993eab72c8c33995ef286b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0bd456b14d54da60e6f54859fcc029e7

      SHA1

      6242e664b5bf00d282232ac31c9548a9b1632354

      SHA256

      4eba175d82025f297a925de019eb7cc31ccb7dd60a28894e7dddb53691387b48

      SHA512

      eb837b45caca43f5d67545d2e80a7f172faeb9f436e08ce0f35ef8cd988200748441fcb7241ab22f34c1327b4c456755a7ca49ed81f9753e2816e09b0af31431

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      febef9a76981a46fe3c906157d90b262

      SHA1

      3500dd5bc554042495a0308be59b960e0731b55d

      SHA256

      c57b4f32c0a420797ea7b6e6a4f1f599a1fba51362ae8a277b3351aaf6b99ac9

      SHA512

      0e4ab02b0630e6305ff941d4a7c08eceb68eb75ff3b879775cda2bbaa002a6bccf1638102c0569bd41046dec17e26791a319b1b6b2519d7605a4672fc790034b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e67bed1bd26942729948ccf325e1af22

      SHA1

      1f3d80a64339ee08cd02b9d9da4254d2ac76d762

      SHA256

      b5f80282cf588d758d29158447f4b9f657b4ab774b02d2650f3b8d80549b6499

      SHA512

      2f31001465d0e2645c1269b047fa731f82613c9493a0d67c9e8f6f2204c6b8b60eee5ee7e0b5c9715bfaa75fc900b590c3f7872fa305501c0ac61d215cb73014

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e14ade8e0a0db7f0136f662c6a71af90

      SHA1

      0220fa230ed03d7b92b96a023065a75a4b0612d6

      SHA256

      30cdc2caf3e3308e229240a5fe61c014f2635af62a12666ee411a3ee936b2e9c

      SHA512

      a182fe1ab81ca1a745d5648aeab46a7c59d7b032d8d169afff8f50fea6c187b5e9fdcb92de7ac254d19a181282f001d8fe6a41a1d794da16ee877abaabbccb54

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      02ad0e576a00a5751516aa1f882524c5

      SHA1

      0cdcb17616ef978a3277538db5c41d0264469003

      SHA256

      ec6fa14f216cea09c0c39d0818579fa1df469c0315a0f370b68c4f0e735b1166

      SHA512

      86e4b485da558e84c936b0e10abcac5be1c0fa3c523bbd391be819807300a769e93ab970a70db0ea9ff19115d386681d0e403706f52530a947b5d00ee8b74de5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0c18ed3b03111558067ee52b0fe998e4

      SHA1

      df65164a2345aa121974f75d982d74e7267c3a1c

      SHA256

      918caae78b078bd63b601dec0af5ab3065c2746b5e9f1f99905736d377cc9c25

      SHA512

      32970749832f4e6ac68aa72a3816e9f1b63c6c91ea793d5c9eba3fbdb917cba90359a69aafc22cd2405a9caae6b3c633e33bd4ce67cb3f6a3532073986c780f7

    • C:\Users\Admin\AppData\Local\Temp\CabA22C.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\Local\Temp\TarA28C.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • memory/1520-0-0x0000000000AA0000-0x0000000000AF3000-memory.dmp
      Filesize

      332KB

    • memory/1520-6-0x00000000001A0000-0x00000000001A2000-memory.dmp
      Filesize

      8KB

    • memory/1520-2-0x0000000000160000-0x000000000017B000-memory.dmp
      Filesize

      108KB

    • memory/1520-1-0x0000000000130000-0x0000000000131000-memory.dmp
      Filesize

      4KB