Overview

overview

10

Static

static

3

65a5bafeff...18.exe

windows7-x64

10

65a5bafeff...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65a5bafeff81faaf8a46e737857458fc_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    65a5bafeff81faaf8a46e737857458fc

  • SHA1

    6a683a0f8b93fafe295e9a29153e07e80bd0c5e4

  • SHA256

    79fc6e50e92e8eef73f0740a64e92798adaee64dd9b4b1b11601c699c7adca1c

  • SHA512

    939d15c785720020a0b9501c7f1c76c15d42d94faf1a1c98422ffd7feda03ed0ffe67fc59ed8e07072fa1af5fe52c921c2f9a987bada6c4bc6cc6f0cbdf67a94

  • SSDEEP

    3072:9wji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Kdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65a5bafeff81faaf8a46e737857458fc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65a5bafeff81faaf8a46e737857458fc_JaffaCakes118.exe"
    1⤵
      PID:2968
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2476

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      075af8ccd2816368c45e9a3b4cd16f13

      SHA1

      ab2a08d6a8351eede2a08d28928b972416e5780d

      SHA256

      b73a426d0c59a47d9b7b0222c353a8e7c6142c0b3419f8a6cf9b86c446b49e14

      SHA512

      07d2f6d4e4412a3ef07df74fb87349824acace2eebf84ee8b1b51aaeb7d58399c5e39241a9a9caf5361b2f15d96f6f3d6cdc1aec7e338058b77abae6dae50c06

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0a956f623e84411e58c9b02d2cb594fb

      SHA1

      2841d177e416b4edc3b580c60007da7834d8670e

      SHA256

      d42e5b2eef2c4d0f3f928b3840eea143458fa79af25a8563dc3418adb72201d0

      SHA512

      7ede2701a2abd6a72823684102b5569e7194364bc0575aa03c85406da57b9194ce4394ee23e98d2e939838af3ed916c43faf9f074b1ad3a321fd9282a18a1c93

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cdb6eb38b8823fb3d06493009b8e97aa

      SHA1

      fb877384f3e29a311e36f978be1c6df7a76231eb

      SHA256

      5b8425478ca99678650708255846f5996c33ca90fd3460a4855fe417e8883e8e

      SHA512

      c82357677e4ed540c007b74fd9ff3cf95dd62f5f2525ca6999f1cb0a1f7c75f4b525016037c9681a167448e3a251d16148f717919106178da95cb00a535e5a52

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      faf9f8d6f0e81def960f001f330b0139

      SHA1

      3b4864a7a1edc8dbacd5368db4753081ef448c21

      SHA256

      d49d6f10ec68150d0176b38cbfd89a32b632700fdba37228f4a5c484576d252f

      SHA512

      3e788e10c0eac75e0f10540f34d6eb96e0f72250d1c007ccd8d7d2bb14cc804bdbf75eae2a8c7dbe4db3037c8b23c3b24407676a4cd79772a0224678292543dc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      14554f88802ac704ebfa17f4b18396d0

      SHA1

      75c5c479058e4e0847743383d0b80baf4e49ab8b

      SHA256

      ddf5ea924ecb3be5d174bb251ee36e6b9db767c4cbd9ad3fad739f83baba7f93

      SHA512

      86cd619dbf542a0a557670a92692ace5167b8e66692c729eab42524ca0165e1055d25d358c8e12825865a4417441b2096008b245a33f58ce50e49fab6054f941

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c5be15c00093dc36d9752eccdddc9c89

      SHA1

      7c92dcf525d9b31048db29c697a3e141e4103300

      SHA256

      7dfa6e11680d66996200073423ea4aafb8dcd663f0336b45665a86fab1729c8e

      SHA512

      01bb0d0bb29d47d7e2375cd06c5ff6fccf6540b6c84d162b587951fcc5223c59d61b0f74c9176ff674fc3526984967a0af2db8dc8c16382d3411c91f82debf76

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      124aee9fbd7cb1a64f4f43242fb772e3

      SHA1

      8a9140ff0c2c00e08c669b03c79391779611d599

      SHA256

      71a07e9c869c2bd77e40f2b73dcae230cbaca7214d5111819f2d29cb5f87de0b

      SHA512

      dfe23b36a974c97c60e4342f4dd1565611b0c8b514405b0195bcef447ab80ec19b4f238270c166cc4c69253372fad609db1f42e754721c68cf08b7a92f38c774

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      03f006bef1a06ec3c67df442be0e45de

      SHA1

      955bc5173306481b5d652015d0a8e7f4b3dbc279

      SHA256

      c2b959625295a7cb0955f1772cce48bdcf5b2363ca8f69e58553b2c7489abe59

      SHA512

      dac0de43a2b85fa18a98283f93d55935bd2af0ccc175947cd5719203bc0634deff947b3cdcfde4270b7be85fa2d4bce859364a1bdbb51b5c4b0c65addcec83fb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ebb8544a32e1cb673e89661f4b1b2371

      SHA1

      31d32a01ec743863939d2316fb0609ba0b8a02da

      SHA256

      d4b87654cec5c4203113db8b7a085ce464f8dbb217001d83442dcdb8565cd61f

      SHA512

      7292dde1db0ebe87f5c7a86d703047ef86a9fd18c2fafea77724894530c0e5efe4911625d79b21f3d7e86e66681950af44c62d751f298b1ca147156d8f2fe997

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab87A8.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar87AB.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar887A.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/2968-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2968-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2968-8-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2968-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2968-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2968-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2968-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download