Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 22:42

General

  • Target

    7007a934fa2fc0b0b01f8a9c9bfa8089_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    7007a934fa2fc0b0b01f8a9c9bfa8089

  • SHA1

    255bcb15e1a24a0c9154a80f14f6a4128c1ee78f

  • SHA256

    c5f9abcffb2db03b37fe435cad621d8f60864db599e82daa714ffc896b4f710c

  • SHA512

    1cdad644b54de0d6ea58aee097edaa083b43befb163ae9de764a643d3368434eecc7f71056b6c0bb2c925f12001acdc700fdb72c9e4c0d342771b5c1c8dc5681

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0J2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoAWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7007a934fa2fc0b0b01f8a9c9bfa8089_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7007a934fa2fc0b0b01f8a9c9bfa8089_JaffaCakes118.exe"
    1⤵
      PID:2396
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2980

    Network

    MITRE ATT&CK Enterprise v15


    Downloads


    • memory/2396-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/2396-6-0x00000000004B0000-0x00000000004B2000-memory.dmp
      Filesize

      8KB

    • memory/2396-2-0x00000000003E0000-0x00000000003FB000-memory.dmp
      Filesize

      108KB

    • memory/2396-1-0x00000000003B0000-0x00000000003B1000-memory.dmp
      Filesize

      4KB