General

  • Target

    7ea90e877f1187b11920128d6a3a1574_JaffaCakes118

  • Size

    410KB

  • Sample

    240528-2l6amsgf28

  • MD5

    7ea90e877f1187b11920128d6a3a1574

  • SHA1

    44e3dbe0b747c760c8623e3f143a7eb3bf76c972

  • SHA256

    e47a25808624969f88cbafc9de3d49b3fd41b616fb28fe3a1e344341d4777671

  • SHA512

    c527afc070058e4333ec819831ccfd44e4e46f3c72070074117afe51ffdf7144f544ad37d07a166be49131bb81e5eed1af6b7de2ea41ea745d2f3f0cb0cdaa47

  • SSDEEP

    6144:O3lYafWLlGXxnrgsVA6WetdjDUDSNuLBRxFqD89ciXRGk8xKsR5F03SkoRHT:OeGXh/AReLnuvxUDqmVR4ikoRHT

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3179

C2

pyilgdamion.city

k13zraphael.city

xyawnat.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
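What a defender does with the block above is turn it into detection: the three C2 hostnames are high-confidence indicators, while the dga_* attributes say that this ISFB/Gozi build also derives fallback domains from the text at dga_base_url (the Declaration of Independence on constitution.org), rotated every dga_season days and spread over the listed TLDs. The script below is an added example, not part of the sandbox report or of any vendor tooling: it transcribes the extracted config into a Python dict, matches DNS log lines against the hardcoded C2s (exact and subdomain), flags queries for the DGA word-source host as a low-confidence signal because constitution.org is a legitimate site, and emits Suricata dns.query rules. It does not implement the DGA itself, so generated domains are not covered. The log line shape, the sample log lines and the sid range are assumptions made for the demonstration.

```python
"""Turn the extracted Gozi config into detection logic and run it over DNS log lines."""
import re
from typing import Iterable, NamedTuple, Optional

# Transcribed from the second Gozi extraction in this report.
GOZI_CONFIG = {
    "family": "gozi",
    "build": "214062",
    "botnet": "3179",
    "server_id": "12",
    "exe_type": "loader",
    "c2": ["pyilgdamion.city", "k13zraphael.city", "xyawnat.city"],
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_crc": 0x4EB7D2CA,
    "dga_season": 10,
    "dga_tlds": ["com", "ru", "org"],
}


class Hit(NamedTuple):
    ts: str
    client: str
    qname: str
    indicator: str
    confidence: str  # "high" for a hardcoded C2, "low" for the DGA word-source host


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot that resolvers often log."""
    return name.strip().rstrip(".").lower()


def indicator_table(cfg: dict) -> dict[str, str]:
    """Map each domain indicator to a confidence level."""
    table = {normalize_domain(d): "high" for d in cfg["c2"]}
    # The host that serves the DGA word list is legitimate; only a weak signal.
    seed_host = normalize_domain(cfg["dga_base_url"].split("/", 1)[0])
    table.setdefault(seed_host, "low")
    return table


def match_domain(qname: str, table: dict[str, str]) -> Optional[tuple[str, str]]:
    """Return (indicator, confidence) if qname is an indicator or a subdomain of one."""
    q = normalize_domain(qname)
    for dom, conf in table.items():
        if q == dom or q.endswith("." + dom):
            return dom, conf
    return None


# Assumed log shape for this example: "<ISO timestamp> <client ip> <query name>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*$")


def scan_dns_log(lines: Iterable[str], cfg: dict = GOZI_CONFIG) -> list[Hit]:
    """Parse each log line and report queries that touch a config-derived indicator."""
    table = indicator_table(cfg)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip headers, blanks and malformed lines
        ts, client, qname = m.groups()
        found = match_domain(qname, table)
        if found:
            hits.append(Hit(ts, client, qname, found[0], found[1]))
    return hits


def suricata_dns_rules(cfg: dict, first_sid: int = 9000001) -> list[str]:
    """Emit one Suricata (5+) dns.query rule per hardcoded C2; the sid range is an assumed placeholder."""
    rules = []
    for i, dom in enumerate(cfg["c2"]):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"Gozi botnet {cfg["botnet"]} C2 DNS query {dom}"; '
            f'dns.query; content:"{normalize_domain(dom)}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{first_sid + i}; rev:1;)'
        )
    return rules


# Constructed log lines for demonstration; not from any real capture.
SAMPLE_DNS_LOG = [
    "2024-05-28T21:40:12Z 10.0.0.15 pyilgdamion.city",
    "2024-05-28T21:40:13Z 10.0.0.15 www.constitution.org",
    "2024-05-28T21:40:14Z 10.0.0.15 update.xyawnat.city.",
    "2024-05-28T21:40:15Z 10.0.0.22 example.com",
    "2024-05-28T21:40:16Z 10.0.0.22 notk13zraphael.city",
]

if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{h.confidence:4} {h.ts} {h.client} {h.qname} -> {h.indicator}")
    print("\n".join(suricata_dns_rules(GOZI_CONFIG)))
```

The subdomain check uses a dot-anchored suffix match rather than a bare substring, so a look-alike such as notk13zraphael.city does not fire; the constructed log includes one such line to show the difference.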

Targets

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; the extracted config identifies this build (214062) as a loader for botnet 3179.

MITRE ATT&CK Enterprise v15

Tasks