General

  • Target

    8285061924caa5069b4446c9cd88fb18_JaffaCakes118

  • Size

    197KB

  • Sample

    240530-aw5nbafg6x

  • MD5

    8285061924caa5069b4446c9cd88fb18

  • SHA1

    57a7e917790f7a8b0dc33e086d2798207a36eb4d

  • SHA256

    fee861635aaee3e2e274c9d5d8ffa0af6b01d2a06f44d1bf7333f58a91add1c5

  • SHA512

    a64a6b41d88ea01bf58502f05d9eaee515446fc8e51ea9ba3ed12f479d509446b1d4aa9fc3542de30d37ee19bbd7adaa1130ea250bfdb73d8c0b31cd93182f7e

  • SSDEEP

    3072:/WDdCZn+MHTptyZ1+5Ck15lxYY54Fp3QT2kZz2yDj0EQ8x7xSJM7UmA0ox6:/WkdVlS1oCPY5+QT2kx5HlS27Umg

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3135

C2

zweideckei.com

ziebelschr.com

endetztera.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      8285061924caa5069b4446c9cd88fb18_JaffaCakes118

    • Size

      197KB

    • MD5

      8285061924caa5069b4446c9cd88fb18

    • SHA1

      57a7e917790f7a8b0dc33e086d2798207a36eb4d

    • SHA256

      fee861635aaee3e2e274c9d5d8ffa0af6b01d2a06f44d1bf7333f58a91add1c5

    • SHA512

      a64a6b41d88ea01bf58502f05d9eaee515446fc8e51ea9ba3ed12f479d509446b1d4aa9fc3542de30d37ee19bbd7adaa1130ea250bfdb73d8c0b31cd93182f7e

    • SSDEEP

      3072:/WDdCZn+MHTptyZ1+5Ck15lxYY54Fp3QT2kZz2yDj0EQ8x7xSJM7UmA0ox6:/WkdVlS1oCPY5+QT2kx5HlS27Umg

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks