Overview

overview

10

Static

static

3

835e9e51d0...18.exe

windows7-x64

10

835e9e51d0...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30-05-2024 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    835e9e51d0ef4c5cb6706b65124ebebf_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    835e9e51d0ef4c5cb6706b65124ebebf

  • SHA1

    4646766d43ee42e4bd3dc0daeea66dc8f0523ea2

  • SHA256

    735c5c63d6d68db96046195a42195049f3d6cbd4817f26c51a6624bcd8d7dd16

  • SHA512

    5dd0e44ed9695e9f77ed7a8fa7178bfe0c6fb6f55600818800e830da7b7cc91b4221f6026c57c27adf5e8d621db4ef9a56d24b18c877cfa1bdf7d6ec04ca6dc5

  • SSDEEP

    3072:9eji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Ydp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\835e9e51d0ef4c5cb6706b65124ebebf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\835e9e51d0ef4c5cb6706b65124ebebf_JaffaCakes118.exe"
    1⤵
      PID:2980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2392

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      91f238fb8d991b55f7a15e4db631bd5a

      SHA1

      a86c9d10f16d4030c6dcdd0feb87c3fa779ec846

      SHA256

      8cb30ca8dfab5f73c7e21fb60e0736373a74fef4c728fea50a70ec810f8f6363

      SHA512

      35502d1bcad2b2bada507c64384ce776be00bcacad0a1ab829eec4588a9f5dc37ba57e177e102549722714213464ba0e98d3ffde11006e0352ff4295fdc627c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4513aa346c3d674c0aca4946c336a692

      SHA1

      4b26085e9295cb8a3fe9f106be39f0d95883417b

      SHA256

      6474dd27c56fec4efff7803070b4f22d0af59cdcd51e91c46afc03fab2b71942

      SHA512

      35f263524bc1ea5235c35762417af82f5fe838fc2c6638ae8b662314f3c0a5464f38d37381f5a6fef26764b82828682c486f5774db8269b355ce8f52ddcf0634

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c5b1e002993015ba26499d9d60be2a8

      SHA1

      a0177dc76b8dfc6493448bcb9e7aee009b42147c

      SHA256

      638a300a54ac2d459b79c17e7f1e6d0b3c933f71e1257c4ed58c1d91056dc2ac

      SHA512

      efc3ec729db82d61610d478d6b9354fee5c5a512a3277d524ebc38f511a3fffb2aa1b96ebad608d3d9489570f5fe4903ebfb73022d5c8507388c35e53c057f46

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b64021bb19fc5caf372450c0d98c1df8

      SHA1

      64189c0deb9e082066d3f1c4d05405bd932cb5bf

      SHA256

      b54ce98c4c7144b797b03103939ac4c6248751d0cf5ccf723c40ef4a9bbc9cba

      SHA512

      288d18ccb6adb03f04522210ebd9798831808fa1cdc6e890fe98b957c713e43bdc1725115bebed30caa626ff606b2991490772822c9284c7fe4b64cc09c6f710

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c7efdaca69dfd9e73b1797bff745512

      SHA1

      fdda07d3805e7b6ba6285bf963c1d7d89c757439

      SHA256

      60a9a606542377bf2e38f2bc93d03e15eb5feb476107ca8b9294a794f34a9ad3

      SHA512

      b7cdef15c4bed06abc257b0c53ecdce39557b9c64790d9f47b035786097dbe294b81e8cde827c7171c6a4053721ae331fb66e95d93b76702ae5284a8d1899728

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cc816109597b138309a2b4d75599f363

      SHA1

      f28903ff6055f6be55c6a70767e8e555a2d1f743

      SHA256

      192e5fa81f2095e0f1263d33a0f2c9baf816a44101054fb5890f6cdb3ded6bf2

      SHA512

      b1b8eb28e06403f5b5b5f0b019b1a975673ade1503cc67f86bbcc520fb96712431084392264b8d05fdbf03a81bfb4ec2e267462bb88f1cf9aca1673b5b3b876e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd4ca6498e5105e66f14efd62e5a8a7b

      SHA1

      178930eb5933e7352939bcbad48317910788b1f0

      SHA256

      2681338a14d58bceed05c440bc3d0ddc79c50a1bb844938c98cc136dcdf9e483

      SHA512

      aed86e3f2822d08c7149b4d9b12e7dcb77ee246371f3d0734c8380a09cc4143c10de9e110fce0621a71d9333afe866d010ad2358ada83fce1dab9cefbbf9adce

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f39dee3bba9431e1a0ab83ba48dad455

      SHA1

      5fa69d5365dce43f5244719b31bf6b4cbd48e121

      SHA256

      4b1d318de3151b36889d19cb3d27bdaee6a4343e2e6bdc236d734474ab5bf1d1

      SHA512

      2b40d7d27c23f292caee13e90d8b9d63be3c73160d6be5b438faf24b84aa013ffd7199b410bf860904df09ef2fa8da0566bed562d5ab6c6e15a2386bb23c7bc1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabFD53.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabFE22.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarFE57.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2980-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2980-11-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2980-8-0x0000000000320000-0x0000000000322000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2980-4-0x00000000002E0000-0x00000000002FB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2980-2-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/2980-1-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2980-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download