General
Target: 60a6e455ef240b89acdeda979beb376e_JaffaCakes118
Size: 1.1MB
Sample: 240520-xjt3dacg35
MD5: 60a6e455ef240b89acdeda979beb376e
SHA1: 2bc1d323670a03676107c5c5cc773eb34d72bc18
SHA256: 5e20dcc938ce2e061104b90a90c2f8d14f814f674184519ee8c1c018ce5faa6d
SHA512: b83e08bbd47b6ef520bc22509dfface44c9e527d10f753d099e0ddb52b22bf92679bda62459cbc8b519345c3f1fc18bada907f63849436623fb47c81b9a4dd98
SSDEEP: 24576:umpC5XQ4oIJW7mmCi1t1Ajn9V6YmA7tOJLbXq7:uPQ4oIQR1LHYnOJ3q7
Static task: static1
Behavioral task: behavioral1
Sample: 60a6e455ef240b89acdeda979beb376e_JaffaCakes118.dll
Resource: win7-20240221-en
Malware Config
Extracted: gozi
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://buismashallah.at
build: 217027
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: worker
server_id: 12
Targets
Target: 60a6e455ef240b89acdeda979beb376e_JaffaCakes118
Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Suspicious use of SetThreadContext