Overview

overview

10

Static

static

3

86c3cdfe9d...18.exe

windows7-x64

10

86c3cdfe9d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 10:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86c3cdfe9de317a5cb77ff378de4312a_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    86c3cdfe9de317a5cb77ff378de4312a

  • SHA1

    4095d6167b43ab660101346b067e46fff728f45f

  • SHA256

    649ad032ec2dbe0ce2eec2de332e5a555e02bdf08607e58663af21722eb00919

  • SHA512

    5963c0f901e61367116086d4ee91c2fcbb85c934750e676760bd715260d5e11f9478a4c6ded9f1be59dbd2c06d7e748bec3b1ec12c2a205da42ec2590ff4b37d

  • SSDEEP

    3072:9bji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9vdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86c3cdfe9de317a5cb77ff378de4312a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\86c3cdfe9de317a5cb77ff378de4312a_JaffaCakes118.exe"
    1⤵
      PID:1688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2060

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8be22d9b44318b7da53f3f5cba3b994c

      SHA1

      308003714c07f46b102c160649437b769fcabdbb

      SHA256

      bca991ab1f2e7b43e99b91284b6db65fb43565d61f7797c4768d1a5e2a471e13

      SHA512

      6d07925b7180fe81c65f25bd91a4b981f5336924c9314944ea0f001edf057290943731022d558cd5287d4091236528dbd60fa585d3ea877ad783e7a99c907fea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de4abfe39a52067e136002391bbb2dbf

      SHA1

      16e615862de9604364164f4057f6585095215938

      SHA256

      d1d35b26e39a8bc817ea78257186ab56fe405233293585e86dc6f5247fc50c25

      SHA512

      7b1cd5d6053f073529ebac0bbaf36832ca7ef427f35350310dcaca6d6f2b00560069e207da80d81aa99d82100c597db1bbb5b2660da0855d1afd6231e3ae061c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6c192ff5cbd9fdbeca76968d6464a6ad

      SHA1

      a55932ba5e82dcbf7d7e9c5d30533a3fa807cc6c

      SHA256

      b68bf7f320021db30df2c79c21c8fa737af46d855b042d0a115212f5cd1d5a38

      SHA512

      769452fd0a5590f6594de2139c613af2d579d8cae35d85f66abc4f70b3b18285055e1037626de0619fa1bd0e56d29a7300f85b9f055103196e9fc6a7486b56ad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e5fb0a16f1d4f5a4f92a4a46a6385da1

      SHA1

      e24efdf87342024f0e7cc494928b3de692a1ca14

      SHA256

      6f521a57f171196bd5f27bf729749f187b2e13d15ef732479af338f5c3fb6d52

      SHA512

      d70a1b692e56aa5c029c51525986546b9e23511295e10515182ef9a3f534b2b618f5418c1f79768036a36b2060e857fb7ebd2e5a00930629f3b95a8f6d8bb4dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f50ea3d79211a0643e9def90ebaa1d4

      SHA1

      e3c2622e7a6817bd94402c8974999d250f90fc4e

      SHA256

      7df777cce4cb73a1f1bd1941cb107c6abece77d135982ddbd228b8d6e35122bb

      SHA512

      62ee897b73f0988623e048ad2e6ae5ee5a5dac71a3bcaf4ba23a690773632cce4399e3aa5d33c68f97e6dc081448a3cd63cee2e4aa0f885b9906a2aefaa58ffe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1c60305723b1af84866a9439a16eec74

      SHA1

      8f4155ed591a04e585860a2e5b63ef089ad06d7a

      SHA256

      6cd5b39f272e360b5c45dc2b060fb7f6c08b73dad6356e0cd62f8247b8860b7d

      SHA512

      0112becdbe463430f6af7ea8c49afdaca7c0586fe3d0f9b9ba4c6003c916ce0d210c50fea033f46ab03f7d7295fdeca2207182e46397728634538d25e792430d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1e48551facca1c69ea6b44a3d06feacb

      SHA1

      712bb32ce6b6ffd2679198d610b2cb97b0d2677a

      SHA256

      9a36cb2bb9fe07b503be96280f57b5934019a73c47679c3fd54615bfe81d959e

      SHA512

      f2e23efbce4a72eb47ac5911928b80dd4f8cb6d0e8e047059dcb81202ed460ad4c66229838941eb2249a5cb9e11f9d3143b00e35f47930887b34cf633029e58f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab0e3b892d46b5b3a0060447358967b3

      SHA1

      0572412d8d529c5d4cb7a59cffed83d89bcb6e3c

      SHA256

      5bce213a81644421f90f9fe4feb425bee57adea7646c83aecd7b611527e98369

      SHA512

      9814c1f48ccc005985b14be594e64087f59620337758b8ccd7a8c7c89a4f72fc31ade64f314b35b42468ee8589d32ac74a0843a8f0b231e862bbceda873cf912

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7c9b85333d1894e0effbcf7e7cec37ff

      SHA1

      93c2daea5bf070349d291bdfa833769fa8d3333e

      SHA256

      28894ac5762dd1e9b08bfb93722f0af7d14cc85abc5d07dac8315628d05e002e

      SHA512

      75dc3a9dead14889300929c8b39528204608e3c521211272222d59d8260baee18ae159e100df05e74ac0141d9027dd045b48e6f13a2b710600abe80cf4eda504

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab704.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7E2.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar707.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar806.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1688-0-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1688-11-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1688-8-0x0000000000540000-0x0000000000542000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1688-4-0x0000000000440000-0x000000000045B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1688-1-0x0000000000435000-0x000000000043A000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1688-2-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1688-3-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download