General

  • Target

    698ea81c77251a015df056d78f9c8927_JaffaCakes118

  • Size

    203KB

  • Sample

    240523-dr3vpsca85

  • MD5

    698ea81c77251a015df056d78f9c8927

  • SHA1

    71a71a1292320af6ff2f9f6cf389f70d565cadd9

  • SHA256

    f3bbdcf40bca186b7d4a7df5b143cc1745549404444e8e17a5e53ec32e0019f9

  • SHA512

    a0ece5cc4372e7602c52f7d34b2ebb1f9c4b50714a8ee77eaee5d1fc802043401656a5b8d3830c922dc8899c08dc9ba01a917c4373019ba0a02a1b9551f5f3da

  • SSDEEP

    3072:9Cji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Mdp4uPZzGonqXGXh0bluBc4GZ5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      698ea81c77251a015df056d78f9c8927_JaffaCakes118

    • Size

      203KB

    • MD5

      698ea81c77251a015df056d78f9c8927

    • SHA1

      71a71a1292320af6ff2f9f6cf389f70d565cadd9

    • SHA256

      f3bbdcf40bca186b7d4a7df5b143cc1745549404444e8e17a5e53ec32e0019f9

    • SHA512

      a0ece5cc4372e7602c52f7d34b2ebb1f9c4b50714a8ee77eaee5d1fc802043401656a5b8d3830c922dc8899c08dc9ba01a917c4373019ba0a02a1b9551f5f3da

    • SSDEEP

      3072:9Cji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Mdp4uPZzGonqXGXh0bluBc4GZ5

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks