Overview

overview

10

Static

static

3

6d36493d1f...18.exe

windows7-x64

10

6d36493d1f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d36493d1fb8318e95768ad6c4bc4407_JaffaCakes118.exe

  • Size

    372KB

  • MD5

    6d36493d1fb8318e95768ad6c4bc4407

  • SHA1

    1315d84a8675994d20612a8f9b7ee09ab9131985

  • SHA256

    244a6b3556185434336c817d2a0115bcc3e9bd284d879e6b1a8d92730f2f5854

  • SHA512

    d2706739045e85c11616c8dadd49cbf2ade22dda44668c51984a2dd44c84cc5237a7c6f583a976a514374a4d444c4ee32035a0046ad179cc5b0c5d37733ddc7d

  • SSDEEP

    6144:QfsvEug4/COMAIOVW3Uqz/HJpadR5Fz8gF:QKEufaORxezE5Fz

Score
10/10
gozi3181bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3181

C2

bm25yp.com

xiivhaaou.email

m264591jasen.city
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d36493d1fb8318e95768ad6c4bc4407_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6d36493d1fb8318e95768ad6c4bc4407_JaffaCakes118.exe"
    1⤵
      PID:2116
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2604
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:112
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:352
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2760

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d89a6b31f9b93c88c479c4abe2a74e8b

      SHA1

      2f16e3f964292fe06618e4e809a10f1c53157421

      SHA256

      7a8d357f8184e241aa59c3b57c0c189201e66cb00a94674dc71a01c3971fcaeb

      SHA512

      dfdc882866a4145e48fed64e3b6cafb85bd7fe8f62fe89d15fec578a68ad750cf6779b384872a670aa29beaa32088e338eb835beada88f2c3fc483caefd742f4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      47a088e3b4650ff46ba5f7c5e6105b23

      SHA1

      acf63642e7b0e962f80963df2b61786d647c7fe4

      SHA256

      8f5bc5b59fa079366ee46b03f0722d09228cb50d7156405393df8a0266f3fb3b

      SHA512

      b0648a1d31433b1730dcedd44ba015bd82a3c4653964dfe1c41b41ba5885311138c65ca53e1c2af97851bf8f1d526960131525eedcdbc30a2ecced8ceda2e76a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      13eb1d2f9f520a17ac2378acb9e0ab4e

      SHA1

      931b77eeb5176e23ba54cef637d2e0ef53c94a0e

      SHA256

      beb59778b042b29dcc745a0b9687b634e037de804e092d4f80d4d71349e6b546

      SHA512

      5f46dde701aad0b753457d93283473f917ee37949f18528b039fc3db693b3c012e6303077018d8047063878b841f3e045fc1234477dd0c7783d1f71f06aaedaf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6a3fefffabfa7694a0abc6bece565ace

      SHA1

      1e3b3edac174e3fab0b19d9cabbe1a09a31fd88a

      SHA256

      94857b46ca8ecc61903d4672129baa5fec4e2c71b9cc3e2811083cd7d87a7094

      SHA512

      6f81e3d8f1d1255bb4c2fcea682ce6e001327da333b7dcdc06d9581f043573a9e9a76da74f98c5b2ee28099baa1f7e35f7ca8574e0e44974dfe5f15df6fe26b6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      66e517b066ba322561c7ff235664081f

      SHA1

      23a28719357b21e0a6d8c6e73cd4629c70bf2f65

      SHA256

      27fc7afab034976b501f5502a8f729eb800c73eb1cbcfbee5587a3a6d86ab11e

      SHA512

      e9084a81a24494f9dd7ae6e80a769cc7aa32a0c0098230ce784ef1c1441ff8b9cdc7ac9cf32ca8357d7f523519dd3853dda773395922bdbbe8a1960dd1f9dcbd

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      afc6ec63fa4ea2ba6abfbf597a2f38b4

      SHA1

      d218063c43fe16d44270dd4d34c5b699340139f0

      SHA256

      57f81fddb6583a482d38b22cc706d3f24a190d56c83311940dad787f40772ce5

      SHA512

      8f8be4c0a11a7742627f01f34c3766b1b7ff4c59c55b6b7fb4773eb7813a76cb48cc954283c63056a4b409882a613cb692621844f34730658a1f6705b8f39306

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c82ed0d25ca750795d043ffa2b5b8874

      SHA1

      503aeba2297f81746f492476bc13c9279d301f5c

      SHA256

      018d5b1d0ff30db8a59111b513f46c6e90ecf16dd4164f1248f7ae10c0f3734e

      SHA512

      b99ce4adefabd8d218ee55fd4d785719c5eaf4cf265baaea6b469687d979bc7d874791dcb261b0c68da1a24234b9a73d8151d6f2b818e59c5050f17bd86c66ce

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      283e9490460c670dabc241c69fe9d9f9

      SHA1

      49a3fbfd0ff9218515a122bde338d6b5711e65ac

      SHA256

      a20f87afd8a25287c1970615dd709ae1bfd99a47b5d254439e55b7de6e842f15

      SHA512

      702e4e96a28ec0cda335cb2aa8b64cd423f2e0c4b4593d3640a4cdaa607d31d88d1bbb71f6d476e87a52be2c8ea7472ab0939e7f073c33597c5c38461fe7e7ae

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c9a76e65c561e933b686d06436d01272

      SHA1

      a55bcdd4c7af2f99c18055a4b05dc7e2841b6070

      SHA256

      27e2e88647fc467869ffca9eb66ef247518525cef589a1be5652889aac4e1e79

      SHA512

      c781722262bcbb1a7f752bd36e4f31f9c5659536aa3e769afab2892f7dc46e8bf8ee6e0f43404f9a784a9aea4a65e8bd4c59ab63e41701a4d0e7c0a82bbb964d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabD1A4.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarD205.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\~DFBB732464E18180DF.TMP
      Filesize

      16KB

      MD5

      ecdc5c09985624cef298c577fcb19fc0

      SHA1

      abd84238284742d0b657e7c95fe43907e7bc40f3

      SHA256

      9377659c16a1d68b80533912cdf91a8a3e808ea1ae8bc154f276fc7bcabe6384

      SHA512

      307429d5c8d8c84c95d6c31432af977b7e6a24b5096896559c4e3934c6ac4d07016f633b2b3b5babf1a4435863e2bc94ebde797c2a0aaba19d849407220ee601

      Download Submit
    • memory/2116-6-0x0000000000380000-0x0000000000382000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2116-2-0x0000000000350000-0x000000000036B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2116-1-0x0000000000290000-0x0000000000291000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2116-0-0x0000000000400000-0x000000000046D000-memory.dmp
      Filesize

      436KB

      Download