Overview

overview

10

Static

static

3

6c301859d0...18.exe

windows7-x64

10

6c301859d0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c301859d0d9e9eda3c5c5ef79961876_JaffaCakes118.exe

  • Size

    285KB

  • MD5

    6c301859d0d9e9eda3c5c5ef79961876

  • SHA1

    b219525661bf9c5d9fcfbcb053cfce89c959505c

  • SHA256

    e6198ed1a95f2ecb077fbbc85f4e95387745c3e93a3617af07791e1c5f3f9cd6

  • SHA512

    b80d93077ce1fcf0b45a5b18fdfac0117298fac985d2f414a9261a93360670c3eef382bf0878e9c7302a34af02f1c9c0900213998fd007d0a4f1d0321e28bb4c

  • SSDEEP

    6144:OCkkpHMr0flO050MqZhXejVsUDKUek6TH5YNdoGoLTAo:OCkpMN0BCVdYk2H5YlUAo

Score
10/10
gozi3312bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    217173

Extracted

Family

gozi

Botnet

3312

C2

b49ealsgrjf63w.info

qn44katlynorval.com

tisabellervoe.xyz
Attributes
  • build

    217173

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c301859d0d9e9eda3c5c5ef79961876_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6c301859d0d9e9eda3c5c5ef79961876_JaffaCakes118.exe"
    1⤵
      PID:1932
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2476
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2140
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1104
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4e8361650118d38fc1334a6529ad627d

      SHA1

      30e3e290f98769b6f17a020fd6a5c84ba4288fa9

      SHA256

      1fac81fbb56ba906a695ac540febe9df07b8a3b34233a04c7849fb79532673b5

      SHA512

      a89b9458295fe870c499737d04254664d474009c6ce4c24e9ae87ccd0d61253b99144cb9ca7110727842218260fa16e559438acb7a205aa2e3c49402011f29fd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d560ebab85c0e6971f8e4fcd78facf46

      SHA1

      e1b3511ea652a39311871696e0128c902a676cd6

      SHA256

      48f11fe5bca019126220ed629e3b1dfefb4f0b86bfdc73b1cffc4097b0a3b8ed

      SHA512

      672ca50c175e991e8ece0660d25b3d06badc3405ea9a9eb036204b0898b39545b497a8dacdf2511fee23ffaf5044d8107ce3251859c7ab6c4e76cd0651ca72e9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d692fd3d85f490d52dbb16ea90d03be4

      SHA1

      ea89fc97e7f1894777bcb49948ca380042eabe23

      SHA256

      087428dd8e8d90814b888ada6d37d847cb7ce04b5ee0dca6011813194e41a663

      SHA512

      843d41ca1650d10635d4624b3946c55e8775aea4fee8bbb2d036314a81a6a6092ca3fbda732c63f0cc28e2752c23154fe87e9d859c4c58d43d298a5f11e40d76

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8b4d9f756577a17ee2e8b88093a775b6

      SHA1

      51706600fb9bc11c01a57bbece7e9ab3db88d23f

      SHA256

      5d4af899188baea379366ae28cb2bfd4f36b8e8800cc2a025e1a155808fbfece

      SHA512

      c1e2bac200d1ae551580b64baf679eecd264e23bfe17a8c606c01fb0cadb9ff55252a458968cbf4d59e41a2e2368c46f374cc6f22a049008b67c9d698a616edb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a575e2140b82b348c51d54c2b84512b8

      SHA1

      ddf6ff95278d15d399c0b756d1b7f6c1733a6fe7

      SHA256

      336160128f2d7fc5634f7ad78ec36320397bc3101a3514bb39cb5bea1366847e

      SHA512

      9dcd69e2c52591e50c251e2b8d5f5ff1c7d3035c017ecb2667c91ae7b047e788ab6484a5d4f55f1dfe36bec7bfc979e714ca3cf9fe4f850a89efe5f1fe94dc26

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      133b7a7a57eec6db155011e6090a5ecf

      SHA1

      1cf161e64a0c057b9b50c22c099753acc60eb290

      SHA256

      82efef47151c772575db495e34efcf2f73b0ffa92ddf7162c6a0e1146c8ff54a

      SHA512

      fc1ca9d3d7a5ed4e7e7c2cdfb5bf865169b49ec4fcd64c2b54c846adeab621ecc21647dfc0cc0fba5a8bb03090f9525c3588af1c37bb8ddcab7615be26d85fdc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      222b204cd7ed19458c9338a3cc9711a7

      SHA1

      fd050f14bbc3019bfd46e02cd543abe33c195c59

      SHA256

      cb3598fb2c2fa6ade13fc9b9c0cdb8449d8280175e13b1f6d1fc54541ed86a89

      SHA512

      21fb372ea7adadc76be5a65b54b5b353bdab217dd39911dddf9de12c20b120ddf901ee5cec4748b4526c982ee94ef7ab1c8493f037e610abc4504e49c7acf129

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bc323749924050e7a139210225227f09

      SHA1

      780d83b30f2763c71b931c58a0c4ce572c99bb81

      SHA256

      76be9a9a9bc40d774ae734b48b815c7bb10c61af41dd7173239f9b9537a3c83e

      SHA512

      7625c1a32848c0b94824f6d61f44b35de30dbb97b6ec206c4d824a336b06aed4878572dd2694435226d258780cdbf154becaa0f0321c675906b83e9d2b5024ec

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\dnserror[1]
      Filesize

      1KB

      MD5

      73c70b34b5f8f158d38a94b9d7766515

      SHA1

      e9eaa065bd6585a1b176e13615fd7e6ef96230a9

      SHA256

      3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

      SHA512

      927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\errorPageStrings[1]
      Filesize

      2KB

      MD5

      e3e4a98353f119b80b323302f26b78fa

      SHA1

      20ee35a370cdd3a8a7d04b506410300fd0a6a864

      SHA256

      9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

      SHA512

      d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\httpErrorPagesScripts[2]
      Filesize

      8KB

      MD5

      3f57b781cb3ef114dd0b665151571b7b

      SHA1

      ce6a63f996df3a1cccb81720e21204b825e0238c

      SHA256

      46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

      SHA512

      8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\NewErrorPageTemplate[1]
      Filesize

      1KB

      MD5

      cdf81e591d9cbfb47a7f97a2bcdb70b9

      SHA1

      8f12010dfaacdecad77b70a3e781c707cf328496

      SHA256

      204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

      SHA512

      977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab26F2.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar28DF.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DF2F9769B4A443AFDE.TMP
      Filesize

      16KB

      MD5

      ba92df7094b62f9b9ca6b73b6a61c696

      SHA1

      ec4500e66ee7fc0e8464d9c78124de7c61153c4a

      SHA256

      15ee7f4c77c709dd3884a3a2d4f1effb5ff246088b9a10fe950fec9e65b70f63

      SHA512

      750354392c083d65b3e6a2493d91e66245d2201df3931d23653886ca07da46152f25f7a85db20d7ca762397bcac41ef6251157a07c2687b38fc4085805181f37

      Download Submit
    • memory/1932-0-0x0000000000240000-0x0000000000291000-memory.dmp
      Filesize

      324KB

      Download
    • memory/1932-1-0x0000000000100000-0x0000000000101000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1932-2-0x0000000000150000-0x000000000016B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1932-6-0x0000000000180000-0x0000000000182000-memory.dmp
      Filesize

      8KB

      Download