Overview

overview

10

Static

static

3

75c8aa0327...18.exe

windows7-x64

10

75c8aa0327...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75c8aa03275d1e67fc7ce9c20385c123_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    75c8aa03275d1e67fc7ce9c20385c123

  • SHA1

    67a7b25a7792aed6036acb7996843414e2b9e227

  • SHA256

    ffc94a044cf375139e6841a0c68fe004c837d172eaa07612850120b5e79751dc

  • SHA512

    5b82361aeef4ce9cb5c51d1d0aab4ffb6e2db72aefa21329f4d14cc6f43a594859ecbbb321f1fd737e6143a5d90e863a1c6b25750ac5c217ba1104ff5126976a

  • SSDEEP

    49152:4SuE3qtrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3OqPKIOson6Cslny8WR6wOHstehsC7

Score
10/10
gozi3184bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75c8aa03275d1e67fc7ce9c20385c123_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\75c8aa03275d1e67fc7ce9c20385c123_JaffaCakes118.exe"
    1⤵
      PID:3008
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2296
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2684

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      27d214f9807aa1517ad9d7227e210bae

      SHA1

      9b6c7ab2bc63f3011a3e0b6778d56659ce6c41a4

      SHA256

      89e5b8a8c565762cd4b162bca4881f0b2b96ed16809fb14b13f4f6d5cc480af2

      SHA512

      99520da95d06d3c0aeacc65e91dc8f8f796aba9efe723f2beb760f6dfb24f07c86264fb7ed3730c559f58305078892849f22b4b732b7085cc8b41eb56c471aac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c86c272892ae71331c6ee08c52fa48b7

      SHA1

      9a83fd2d0affadda5bc0d897be30e51aef97270b

      SHA256

      3f7dde82c462d84490fd37245ca2e802ddbdbb5653efee80f0e3dd8c3ed78e7a

      SHA512

      ca716612ccfcc7e58e3536ee7c0f2768cc16b5e5d9a359e4e2db2cc94829b17f2e7a201b27b823be2d754211d085e5729fb3e16544edf2757bd1eb80b4157a4e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5b55ce783779c81a1f7f3c8d82bc1ef8

      SHA1

      c3144c3e443485925f16e25aa27fc89c0fe48037

      SHA256

      9d873b6fe293935c59a56260284d43928306d482fc7b16bae7d28d3ebed8d96d

      SHA512

      f59f6a64ffb9a4ef6223ce6a8393193802633258e442b5b45ae5ac43385234bf0368e647621555a604e0070cad25fcc7aa039dc3b266e64e1156e045a404b1ca

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5a3118343132e2638557bbbcd9a5abce

      SHA1

      000b0ce01d9e6a5cb6edf49a910141d0a5249383

      SHA256

      6eb672e4a8acdc97ae0fda8eda68af603003a77179b4dea411ec776af01f361b

      SHA512

      5e81834b965fe1d1954e55811d67e7a52ea1e23a86068b51618c73af01b789abfa8374d8923446f82772e2bcac84ce933a70bdbf9c036882aa581ad08a052b7a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      88cd586826ec28f28acd0ba3afe1f285

      SHA1

      26f73b18286bd935332da2a9f518d06bfe2bcd17

      SHA256

      329492682f320d181938314d36c74f295c368b12704f92b593d5addd349f0c95

      SHA512

      3b16adb3962d2b72b51427607819e72c73a91ed9fa1c04704c457ea3bcab625a5ec430361fb65a85ff563c4b695e9ce402804a68f4bccbd5e9f59e8734c43282

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c283dfb984471748ed53adadd77315f3

      SHA1

      7adc4d925b48e986da13d0966134d6552b42f198

      SHA256

      cc104831d6f1d9d6ab9c06fdc30f00c629f367dbd992d96a8090d1b6fd91f60b

      SHA512

      5865c33753a51a598d7c53dee8a8aebd2f4e31a0574438758b5f1f7ce034e687de8c1c70237857ed0f6a937a30c082df36445966a6b798906310de87ad1b1909

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      abba6dc3d4213d8e863ebda7e446324d

      SHA1

      c6001c40f75bbe9cb6d13829a4a147b1f0af2b63

      SHA256

      02c97bf9ab92e5fef49d385ecc66d18f8637ea0f919168a11c5a842d98a74c30

      SHA512

      33d5f08e17435ea1f6554c307e93f024cba4c6d83f16ba715b987bcb554ece81b39951c73d9a13057c0e8925eb2d50075c0f0d5bd9ae81ad46c3ff13ecb1a25e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2d2f35286c53893a94da761c55eafdcf

      SHA1

      52d5d291270b1dc6387e864b0377d5fdade04c17

      SHA256

      02a98594ae34a9a945c5c3c70e57ac41ed92bc326e1750f7565e5706858298f2

      SHA512

      25f60421e599ad83714b5e07a52c0a5e6fa249c443c596518d83319518a2315c069fec880d06d4484279c2315260de2a7a7ad0dd05bec7decd735d32e7162754

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b62fcf3ad399234009186dbac6f6bbcc

      SHA1

      9036d7277ed9a95ae51da13b6cc5ceaa8ab10e11

      SHA256

      cac556b94a3faf32779c9d82661c31eb813fc05c73ab314cbf9c5926028f1d79

      SHA512

      32ec6dce0ae8bb1313da431467b2c7a5f5d042d07a3139cfcf1c97f18fa8f1f7be57dd9f89319d62c291c0c6749414b584e547129c6f6fde1736810219a35d72

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      75f80b2af4bdd6d02a5112040a50df19

      SHA1

      665a5da40bedc91cb5162adde441dfd066a4dcb8

      SHA256

      6254970ab124cd6ad8fc122a5bd7af347f518c8d4ec7e6bea206e7eedb737de7

      SHA512

      f4b672dc6038fa0817f927e94c3bcdb47824af7f53388e8439672bf04ee673a4512ca42107bb165a27e6f722df801ac3e356b844979ccfd131e19b3161041e4d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      45787ca18d8db8c824cd9209c3b5a8ec

      SHA1

      5324981dfdcd653ec6222d85ff80f0f9194d4adb

      SHA256

      78184b1f0c97a9e98e9f0f6cf8a86d1b9b1479b5b56b1dcdaf88b4e8b2336129

      SHA512

      6c27f42f5bdf199daf199df94b7dc07aaaa174cf7a9f3425b265daf90e36db01a016127c5f4ea35a4f1fadcf48f493715c1c3b356acd67df423520d55553c685

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabB8E6.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarB947.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/3008-0-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/3008-13-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/3008-8-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3008-4-0x00000000002C0000-0x00000000002DB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/3008-3-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/3008-2-0x000000000058F000-0x0000000000594000-memory.dmp
      Filesize

      20KB

      Download
    • memory/3008-1-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download