General

  • Target

    64550f6691030dd771b5b96efcdc7df8_JaffaCakes118

  • Size

    372KB

  • Sample

    240521-w81qsaee2t

  • MD5

    64550f6691030dd771b5b96efcdc7df8

  • SHA1

    7cc5ebe466b0d0332fbe2db42525c89c42ab575a

  • SHA256

    f4bb0a4f8ec94b5bea35dd9d193c5fba0c283c5ac701830108bd462c6501b82c

  • SHA512

    1f886807b777babb6ff9755b6e3903f002ebac3a6a360c9efe6de99a4d4d6f4c3d96899d36552fe33ec3a8951e01db1ec5bee023242ad5e412c6219828f8fc0e

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5FzogF:QKEufaORxezE5Fz

Malware Config

Extracted

Family

gozi

Attributes

  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city

Attributes

  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks