Overview

overview

10

Static

static

9

67ae2764af...18.exe

windows7-x64

10

67ae2764af...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67ae2764af5f5902c95360d421420740_JaffaCakes118

  • Size

    908KB

  • Sample

    240522-sjpensfd61

  • MD5

    67ae2764af5f5902c95360d421420740

  • SHA1

    c65ab45f5c735c0510ef4f9ed4c0d13bfbee4011

  • SHA256

    1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

  • SHA512

    8853572536d6002f8b0c5cce214f1f209262c38c8311e6f089ee26d49fbaded974a7582de76b957689621801e086ca23f69c97d75c5fd17d790c415b0e361896

  • SSDEEP

    1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

Score
10/10
gozi202004141bankercryptonepackerrm3trojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    300854

Extracted

Family

gozi

Botnet

202004141

C2

https://devicelease.xyz

Attributes
  • build

    300854

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      67ae2764af5f5902c95360d421420740_JaffaCakes118

    • Size

      908KB

    • MD5

      67ae2764af5f5902c95360d421420740

    • SHA1

      c65ab45f5c735c0510ef4f9ed4c0d13bfbee4011

    • SHA256

      1225f3a85dd46f1501fe6efd9cc0eae9af9dcdda8a2daeff1f3a0e3d02b2f641

    • SHA512

      8853572536d6002f8b0c5cce214f1f209262c38c8311e6f089ee26d49fbaded974a7582de76b957689621801e086ca23f69c97d75c5fd17d790c415b0e361896

    • SSDEEP

      1536:tV7RSS9YSCSISCShSCSxAGzsCTXYtFBo45GQG770gSvc1RIVLmyLmRgRLuLkutb+:JuAGBTYzGHsNv6xgRK4VljQaeA

    Score
    10/10
    gozi202004141bankerrm3trojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks