General

  • Target

    5cf50b45e2e3dc904429656480609ac6_JaffaCakes118

  • Size

    372KB

  • Sample

    240520-d2td1sac91

  • MD5

    5cf50b45e2e3dc904429656480609ac6

  • SHA1

    38f4cfe6bcfb7e07446f5b6f6bdb252e029aa54e

  • SHA256

    f46305efa3c61776d5ca3f4d1a25f2a99e0eaa1fcc9ea3a8e736a8305fd63a3c

  • SHA512

    88acc5491c3f2a7992c28c42942cb0277c8b744581be5675f4872dd75509571a6b3cf967d802d069c3b1b9e911c747149994938931b23c11522fe76456c54883

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzygF:QKEufaORxezE5Fz

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      5cf50b45e2e3dc904429656480609ac6_JaffaCakes118

    • Size

      372KB

    • MD5

      5cf50b45e2e3dc904429656480609ac6

    • SHA1

      38f4cfe6bcfb7e07446f5b6f6bdb252e029aa54e

    • SHA256

      f46305efa3c61776d5ca3f4d1a25f2a99e0eaa1fcc9ea3a8e736a8305fd63a3c

    • SHA512

      88acc5491c3f2a7992c28c42942cb0277c8b744581be5675f4872dd75509571a6b3cf967d802d069c3b1b9e911c747149994938931b23c11522fe76456c54883

    • SSDEEP

      6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzygF:QKEufaORxezE5Fz

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks