General

  • Target

    5f4e1eff7c8c68fb669c0f97ec9c9c35_JaffaCakes118

  • Size

    139KB

  • Sample

    240520-qnvq5sch5t

  • MD5

    5f4e1eff7c8c68fb669c0f97ec9c9c35

  • SHA1

    31e85a2f6983ddac4ac5675831893c0fb4ba2000

  • SHA256

    785fc7cc728fcc68c3b8e59f016443029bd43552754b9aca72f6fcc4f422cfeb

  • SHA512

    1d6b51f3569e4b73e2b469289271d7112fb5a4f870b7985803902dd372726265da67dfb7397e2fb54331285c7af500da8a80bc78921926ec41ded7278bed7ab9

  • SSDEEP

    3072:K17ujx+j3Y2QoGRSd7I9Vvo0i+Enq5L0pq/43M:Ktu1+j3YJ1RIdTqL0c/j

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3134

C2

zweideckei.com

ziebelschr.com

endetztera.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
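The three C2 domains and the DGA seed URL in the extracted config are the most actionable network indicators on this page. The Python below is an added example, not part of the sandbox report and not Gozi tooling: it embeds those config values, sweeps constructed DNS and HTTP proxy log lines for queries that equal or sit under a C2 domain and for fetches of the DGA seed text, and returns the hits. The log line format, the sample lines and the field names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Values copied from the extracted config above; the dict layout is our own.
GOZI_CONFIG = {
    "c2": ["zweideckei.com", "ziebelschr.com", "endetztera.com"],
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_tlds": ["com", "ru", "org"],
}


def _normalize_host(host: str) -> str:
    """Lower-case and drop a trailing FQDN dot so 'ZWEIDECKEI.COM.' matches."""
    return host.strip().rstrip(".").lower()


def host_matches(query: str, c2_domains: List[str]) -> Optional[str]:
    """Return the C2 domain that `query` equals or is a subdomain of, else None.

    Matching is on label boundaries, not substrings, so 'notziebelschr.com'
    does not match 'ziebelschr.com'.
    """
    q = _normalize_host(query)
    for d in c2_domains:
        d = _normalize_host(d)
        if q == d or q.endswith("." + d):
            return d
    return None


@dataclass
class Hit:
    kind: str        # "c2_dns" or "dga_seed_fetch"
    line_no: int     # 1-based line number in the scanned log
    indicator: str   # the config value that matched
    raw: str         # the offending log line


# Assumed log formats: "... dns ... query=<name> ..." and "... http ... GET <url> ...".
DNS_RE = re.compile(r"\bquery=(?P<q>\S+)")
HTTP_RE = re.compile(r"\b(?:GET|POST)\s+(?P<url>https?://\S+)")


def scan_log(lines: List[str], config: dict = GOZI_CONFIG) -> List[Hit]:
    """Flag C2 lookups and fetches of the DGA seed text in the given log lines."""
    hits: List[Hit] = []
    seed = urlsplit("http://" + config["dga_base_url"])  # scheme added only to parse
    for n, line in enumerate(lines, 1):
        m = DNS_RE.search(line)
        if m:
            d = host_matches(m.group("q"), config["c2"])
            if d:
                hits.append(Hit("c2_dns", n, d, line))
        m = HTTP_RE.search(line)
        if m:
            u = urlsplit(m.group("url"))
            # Host and path must both match; any other page on the site is benign.
            if _normalize_host(u.hostname or "") == seed.hostname and u.path == seed.path:
                hits.append(Hit("dga_seed_fetch", n, config["dga_base_url"], line))
    return hits


# Constructed sample log lines for the example; not captured traffic.
SAMPLE_LOG = """\
2024-05-20T09:41:02Z dns client=10.0.0.15 query=www.microsoft.com type=A
2024-05-20T09:41:05Z http client=10.0.0.15 GET http://constitution.org/usdeclar.txt ua=Mozilla/4.0
2024-05-20T09:41:07Z dns client=10.0.0.15 query=ZWEIDECKEI.COM. type=A
2024-05-20T09:41:09Z dns client=10.0.0.15 query=cdn.endetztera.com type=A
2024-05-20T09:41:11Z dns client=10.0.0.22 query=notziebelschr.com type=A
2024-05-20T09:41:13Z http client=10.0.0.22 GET https://constitution.org/index.html ua=Mozilla/5.0
""".splitlines()


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} ({h.indicator}): {h.raw}")
```

The static C2 list is only a snapshot: the dga_base_url, dga_crc, dga_season and dga_tlds attributes mean the loader can derive further domains over time, so treat the fetch of the seed text as the more durable indicator, with the caveat that the file is a legitimate public document and a hit needs context (the requesting process, the user agent, the absence of a referring page) before it is treated as malicious.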

Targets

    • Target

      5f4e1eff7c8c68fb669c0f97ec9c9c35_JaffaCakes118

    • Size

      139KB

    • MD5

      5f4e1eff7c8c68fb669c0f97ec9c9c35

    • SHA1

      31e85a2f6983ddac4ac5675831893c0fb4ba2000

    • SHA256

      785fc7cc728fcc68c3b8e59f016443029bd43552754b9aca72f6fcc4f422cfeb

    • SHA512

      1d6b51f3569e4b73e2b469289271d7112fb5a4f870b7985803902dd372726265da67dfb7397e2fb54331285c7af500da8a80bc78921926ec41ded7278bed7ab9

    • SSDEEP

      3072:K17ujx+j3Y2QoGRSd7I9Vvo0i+Enq5L0pq/43M:Ktu1+j3YJ1RIdTqL0c/j

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan. The config extracted from this sample identifies it as a loader component (exe_type loader, build 215165, botnet 3134) with three hard-coded C2 domains and a dictionary DGA seeded from constitution.org/usdeclar.txt.
