Overview

overview

10

Static

static

3

7b9287db9f...18.exe

windows7-x64

10

7b9287db9f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28-05-2024 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b9287db9f86baaf97e2392c1492b53c_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    7b9287db9f86baaf97e2392c1492b53c

  • SHA1

    db01200cc24aed68f51309b3fcb580309882ce71

  • SHA256

    54bc90b103157a51959a1a9524bb279d1b41c33d432f772ea71ef5f5548c41aa

  • SHA512

    24f6e821fa8c54744c736b10f55e3a1f8ab0e7a89705625aaf9cf9f60981d1fedfaf7d2f81b55c7b9eb5838644a68f62641f504d1ffa330a00346d9e2cde35e1

  • SSDEEP

    3072:9xji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9ldp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9287db9f86baaf97e2392c1492b53c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9287db9f86baaf97e2392c1492b53c_JaffaCakes118.exe"
    1⤵
      PID:1484
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2636

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2dc14b9b783f60aedf321496e6dde4f1

      SHA1

      a3135dad14a4443b78461d3c06d91c7a96a6094b

      SHA256

      9b93baa02da03b4befee777cbb36f214a04c44661c5b2945f576ce09019fdf93

      SHA512

      b9418e88ca2e62c4f85805860ec4ad39edc89bced5db8cdde266d8fec396777841d98bc9e317683c2b95887544959ff1e977bce733703197459bb789a61011c0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ecbd91eccfd7bc30b69618416f7ba63f

      SHA1

      576dd172a6bfd26e1b78e6933e21fcbe76d535ec

      SHA256

      3e42fd980c48ce5fc35b9a49bc7095d1d5f9bf2be62145b44a92bf568ab60fe2

      SHA512

      26074657c369bd9ebb213b07919238cddbe17fafef85f4a5e5fd37088675ad4b7743de33a16e58c593d82f8e1b3f51163c124a1a67bb6327fe791a77d225913d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7c3220e9166585bfbf9a0bcaead650f2

      SHA1

      b71b940a3f39cf94e2cf80652cc7c78ce71d87a8

      SHA256

      f2efc65ea8136dc69e4b484ea8e899aae12e3569846be2da81bdc7751797a7e4

      SHA512

      a9e53393cc75993853fa71e0d3c462b52cde73a311a8eaee54a55f8841159c3ba65186b800c7b1f2562a2268e8c604dab5d326fb4c8a54ec21616fcb91bf701c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5a3a2abc51bd48ad8284194ea79bd855

      SHA1

      e490124ed61fb78f9c0833fdb0c20bba089a336a

      SHA256

      e08ebb2e704410357baeab187bfcabefb1201e62de4ff642eedfa862cba4fefc

      SHA512

      1ae9f1a56d4c821fb5fa9f39170ba95b04cd3e6d13b199cad102fb12302c56cb4719e5f05197b9537c95f5f79da6f75a8691d97202e7dac0809b286def63dd72

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0f37c441cdd2863175006563a9cea47f

      SHA1

      0a2fabf9b543db2ed1872bb36e5a98f8405c315e

      SHA256

      194420b0b0ba7051028528e202ac56716e4a5cc4fe10c3099ca75c2679f454c5

      SHA512

      a24dd871773ef6fd9c87a8de7f90bbd71ea114b324c8a694a02ccd07389001755510a24a3ee6aaf0e1590298001419683ef629c46e0a428ad4d4d4891c1669cc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      356f4a5f35979de530f93f44536d4a98

      SHA1

      7a95cc2612f3ab894451fbac5387649f9bf8c894

      SHA256

      c0c4b16e651af7478f87255baf49d4ac3832ac2f6bd8a8b85f5a2933e6db0c6a

      SHA512

      3e84fcc3a56c9ebbbf38f7405f33fa45d7f42378213ae76de92e729a8dc656e13549b1a870b947a2d038020a8279cc0f2354f3a926fe8d14f3eb426f3beba034

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      12bee8f5b9e37447b523581ad3403dbc

      SHA1

      fee09f782ae72718ddcef590ef12fdd4c3d8822e

      SHA256

      bca85285a219bd3d151bd1912ec5ca40edefb31b2c3ae1780864a026c98405f0

      SHA512

      9748d9315ced3c3f40cef422f6c570b68181b3277566648f22f37902adf7c8accaea6c88d42c6247fca697f6d0706554a9a0653a15fbd88b6f7e9f50cfdbe82b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      66c6d5f44a18b69188173f1359e7f810

      SHA1

      bf4cf96ebc2819a1e9ae598677211ca132c76abe

      SHA256

      068ee66deb4f2dceb9d191dc922057e218bddcddbcb8dfa01c340bd3f56bd845

      SHA512

      30e34e71f5a7ecc9230252076182fab3c8f335ebb34c2cdf7e261f43aa844f74db33769a40d0caba9eb73a2be569fd18c950b319968a925a83b589357f3e6cf9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e4fbc2428d42273e1fbaef33c1a011ce

      SHA1

      e5f0b81e761b3775ca0c40ee3e78e72812cbd24b

      SHA256

      30ac0882cf5b6415d7338a881de9ce6416a366cec5c8d0c7067b19a1a9af3449

      SHA512

      586b17176a9a59ca22fc3a0d7d638987b09b7d1e06a323ed833f5652192b6edb9879d3a6755b3db161538518e2ae432901cb3b1be70f6522dfca3246b93d0e9c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ffcbd7f03b182e7a430a61b942e64bfe

      SHA1

      83e18d151657d0b097d8852885588c3a2b59f79c

      SHA256

      bc3440860a867796c83ee67a24dbe6ee344c9725f425cd0fede8e1b5150614a3

      SHA512

      20d6a7bbed2ca3b16dc6157a4494df0cc2032c9495ab0be4fe89d141197cc61a3b03490f18bc96744b78325bdf62f2ef5c257240a2459a35a2fe49f7525ebf21

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab83E1.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar83F4.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • memory/1484-48-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1484-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1484-44-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1484-8-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1484-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1484-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1484-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1484-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download