Overview

overview

10

Static

static

3

5f4f2362a0...18.exe

windows7-x64

10

5f4f2362a0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f4f2362a0a8649583d63c49f5012802_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    5f4f2362a0a8649583d63c49f5012802

  • SHA1

    47b3882952ab12f0c0a027a85aaad9bc17639eb0

  • SHA256

    d16d5422d8a96f0d6c3daed4c02758e20a5bad1f5ade445800c65139d2eb4341

  • SHA512

    d230601215efb67778af0ec7e3362d0be9235b038857e138628ac0ff1cf9b3d988264f60be7610c8e2bd8a607ceea96261af6a66e31bb514f2b44b9ffcdc94d5

  • SSDEEP

    6144:QVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:QVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f4f2362a0a8649583d63c49f5012802_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5f4f2362a0a8649583d63c49f5012802_JaffaCakes118.exe"
    1⤵
      PID:2072
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2548

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      90ae243bd82eb5bd4efb1a6c9fdea9c7

      SHA1

      a75cffe8d1ae47a99cf6c2a20ce6b260789a08a6

      SHA256

      30684fa0ff69ac8bf7b2f41f243a1efe39943f52ea28eae9ba64e4335c8104ac

      SHA512

      921ece6f9b1ccfbd5f133b1487e987118a6b2cf1af0454e44828e61998cf07dd92d57a4b40fee9ad3aa02f0642131ac169bc80e58f70ad9e14e57e2ec05411db

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b311849eb316c6cd2b95e3da29840480

      SHA1

      da80deb4d2ef3fc4bc09d54338570d0db3c6a42d

      SHA256

      0c6e78a3215be8dfd899d2a53de6898a996bf7e19be8cf0ecf211312a6c9b8b3

      SHA512

      a59fe28c3c0dec90a6a6634b823f3f446cbda8d37e6395db55717f7d560fdb704c621384f49e29f8b45f5cec91b37035f36aae12b4b996d720f48aeb0860c91f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      272cbbf6615378a708366a3474aee64f

      SHA1

      6b04f4f48d45c91e548866ca0a4244099cae6316

      SHA256

      927f5454d20719aa712c574d2ca4c8279829bbb984052de332982a4fca6836ab

      SHA512

      82bf02a66f0bef682d9b71f8e9bb6dfa07f63c83b3f00ed2cc0dc6ef9989d2f6b641fddeb96e02b7a032c9e88822edd5d24caffacd90fc20ccbd330570c69af1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      52fc37daeb52d63d0f15b832931e2f3d

      SHA1

      46c7822e52393ba20ac9e9c988fa3c6ab105ff6b

      SHA256

      5c334abdf3c0a731f0bec4426971f7466400800043a0344fca19370980e6f339

      SHA512

      47298c7c47d50aabdca76c40210469733d3bff91cf4e53b7cdc64579d920c996d5bd8c5d57ca561bf7982863864d092c49263d9ec7704502bc478e62b8b4df29

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e9c701ddc759062a767e2c4e78f5baa3

      SHA1

      10abb3781a947a0930d48f877f0c3db40c58d55c

      SHA256

      0872f560ec38b6b2e49f869e9b07ff47422ab2314cc1ab24a3f47333a70a6619

      SHA512

      51dc0a9dd51aac796d549ad51bb2916cd947cd4834cd034a3307008707ccc0ad75515d3ae87e36375415b44904e2a5cf6f7bff106e5c77c3c12c27fc07801655

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fa5c42abd01251af56d1d9c8d9fd4445

      SHA1

      2aa665dec9611b3c77a53b786826e85c30823bf8

      SHA256

      95f5e1d5ebea036e3727b5839ba38bcda8ab7081680fef7cea9cc9a2bb1d0894

      SHA512

      0b93000d0ffa32b366bb030342e2ba87e339904662a9054a524535d874aaadfaabae5d49ebcba82f00155b934e1363c61ebb235df6b7f785452ecc74ebe20b4e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      09ea3725f4b95d357c2fe5ad048ba5d0

      SHA1

      19997760ae406e25208a59308c82efa3fcdf7c8c

      SHA256

      e00aa0422de07c8948c378a02712bda1885f86e879542508d8955b13d53f7d65

      SHA512

      92a3a9d5af7df3ff08710aa784be12ddca99485c4678028a59da701b5144f1040ca52796f33273f8bce65db843ed2d77c6dd3d6311e0d57269fe04d797ccad8a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      acc0296b7b59f352a37de8210ec99be2

      SHA1

      fc300951c129f2d468b8d3b6820d595d9900790d

      SHA256

      c0ff4c99929acd6c8b0d933b8aa49a40f037a60b70cea946164ee81de4540627

      SHA512

      b396a41c6a8815d1a7b27de2dc560ba6b466a7811945f0ab45e331aecd34f3af9fbdd967717d42a8854b792c96bb09618a2eb402d7de0c504f4077de87ac8338

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e85be2937357f9a3eb6278d70be7cde0

      SHA1

      8dedbad17160e2753f6c68b75b6149b2e3d3a633

      SHA256

      80bf55312a8b9d8f06a0fc0f68e2081db9ccda48eafcecdea7474868267c237b

      SHA512

      b86b750b400eb8b40134b50fdd645e4f2d91835680de4aeb41a823d440361c88e6f1d79ce75f2a4bbf90d93b5722a5de3878206e1c1d6c95342f25fe57b5bf5a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8BCD.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar8C91.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2072-0-0x0000000000FB0000-0x0000000001003000-memory.dmp
      Filesize

      332KB

      Download
    • memory/2072-6-0x00000000001E0000-0x00000000001E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2072-2-0x00000000001A0000-0x00000000001BB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2072-1-0x00000000000F0000-0x00000000000F1000-memory.dmp
      Filesize

      4KB

      Download