Overview

overview

10

Static

static

3

83526d4b4e...18.exe

windows7-x64

10

83526d4b4e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    83526d4b4ebf9a890e420e4f0842b0d0_JaffaCakes118

  • Size

    203KB

  • Sample

    240530-hh3kssaf94

  • MD5

    83526d4b4ebf9a890e420e4f0842b0d0

  • SHA1

    cf8deaba0673b7c2cc672a4327555b144e53105e

  • SHA256

    af94b38836d1e625b48061973249506b882e90d30925a005d17424a0ce3a11e2

  • SHA512

    569f6125b7173c6e629b97abe27517cd25719eb134d156955bc0109f7b0ace4373a3d0278000534550e7b08868bf7f2a8f03df753a32054b2b6c1cdbf032df09

  • SSDEEP

    3072:9sji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:92dp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      83526d4b4ebf9a890e420e4f0842b0d0_JaffaCakes118

    • Size

      203KB

    • MD5

      83526d4b4ebf9a890e420e4f0842b0d0

    • SHA1

      cf8deaba0673b7c2cc672a4327555b144e53105e

    • SHA256

      af94b38836d1e625b48061973249506b882e90d30925a005d17424a0ce3a11e2

    • SHA512

      569f6125b7173c6e629b97abe27517cd25719eb134d156955bc0109f7b0ace4373a3d0278000534550e7b08868bf7f2a8f03df753a32054b2b6c1cdbf032df09

    • SSDEEP

      3072:9sji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:92dp4uPZzGonqXGXh0bluBc4GZ5

    Score
    10/10
    gozi3162bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks