Overview

overview

10

Static

static

3

6f17cb8af2...18.exe

windows7-x64

10

6f17cb8af2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f17cb8af257bb7c6615e816bbf6fadb_JaffaCakes118

  • Size

    455KB

  • Sample

    240524-tprbwsbe9s

  • MD5

    6f17cb8af257bb7c6615e816bbf6fadb

  • SHA1

    7fe7b570aac962992d5815bc41421e0f2b6b90fc

  • SHA256

    7bbc9037261d07deaf8f6ca83345e679cd105ddb62361482e73a2f53f23f182f

  • SHA512

    f1631db833c9b14ee28b55381a1e9900d4da320fb6886c5925f8523dedb37a898340054b1cc0ecb0601bcf94dc3e06bd0903e1be61a2aab0c81eababcf2f9b43

  • SSDEEP

    6144:pk69oa2DnZot8e/toa/YhFdBtH9dXfZNJIYb9eHg1jgw:pF72DnOt1N4H9dXRgw

Score
10/10
gozi3183bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3183

C2

v99jarret3287x.com

huymireyai.company

so64a92elody.email
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      6f17cb8af257bb7c6615e816bbf6fadb_JaffaCakes118

    • Size

      455KB

    • MD5

      6f17cb8af257bb7c6615e816bbf6fadb

    • SHA1

      7fe7b570aac962992d5815bc41421e0f2b6b90fc

    • SHA256

      7bbc9037261d07deaf8f6ca83345e679cd105ddb62361482e73a2f53f23f182f

    • SHA512

      f1631db833c9b14ee28b55381a1e9900d4da320fb6886c5925f8523dedb37a898340054b1cc0ecb0601bcf94dc3e06bd0903e1be61a2aab0c81eababcf2f9b43

    • SSDEEP

      6144:pk69oa2DnZot8e/toa/YhFdBtH9dXfZNJIYb9eHg1jgw:pF72DnOt1N4H9dXRgw

    Score
    10/10
    gozi3183bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks