Overview

overview

10

Static

static

3

86c3cdfe9d...18.exe

windows7-x64

10

86c3cdfe9d...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86c3cdfe9de317a5cb77ff378de4312aJaffaCakes118.exe

  • Size

    203KB

  • MD5

    86c3cdfe9de317a5cb77ff378de4312a

  • SHA1

    4095d6167b43ab660101346b067e46fff728f45f

  • SHA256

    649ad032ec2dbe0ce2eec2de332e5a555e02bdf08607e58663af21722eb00919

  • SHA512

    5963c0f901e61367116086d4ee91c2fcbb85c934750e676760bd715260d5e11f9478a4c6ded9f1be59dbd2c06d7e748bec3b1ec12c2a205da42ec2590ff4b37d

  • SSDEEP

    3072:9bji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9vdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86c3cdfe9de317a5cb77ff378de4312aJaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\86c3cdfe9de317a5cb77ff378de4312aJaffaCakes118.exe"
    1⤵
      PID:1180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2508

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bce7ac56dcd720d74a7e1bf7db777e2f

      SHA1

      9e522635f31cd3d0833985fd6c03f72ad92ecf69

      SHA256

      b73f227ea3c6cee06514c9ffd5ed088f20415716dd48dd733db3182a980a3fcc

      SHA512

      b78b8584b223cec2661e3230f1ea8f36a54f5107696d35e4ac1372ca3113f2bbf81267fb4f1123ec4d49eb7464d803f805908ce96f7c893c30458ee56d07cbb3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a3046355a70390255bbedf88940760a

      SHA1

      dde761a389ab1ac47b6113c1bb99a6576acf72d3

      SHA256

      930cdb82a8e33113888caba4c932c145f9c3080788e1f48895b5ee6a2c58509d

      SHA512

      549a52c887acabf65ab0ce0bee53474c155ac3824d29a22fd3167fb8ff04245606f21b81ea5a386b19691aa8d07a629a8f80d8913a3891c6dbe6cc255ac6f88a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      99b3d6ac7ec9ebe3243b91344e4f5713

      SHA1

      73ab3033a9dcb9057efbaceb0e3e6d8b97016054

      SHA256

      9cd3c6397753b89d91dac44598104b1b6ceb6e1e5c35c6edd4f2778618470ef5

      SHA512

      c68fd0c823856775704579ea0576c0574ffbbe97f0b2e22d69f70780dbb2600a690de25a1387f0b8b96288cc073589a37d4522ea3ca9a320451e20e95b977019

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      62617eb89c92d808532eedc6b33a995a

      SHA1

      93b4493fc94366a6f0ef35aeff53c31a6fe6c027

      SHA256

      cf054480f68ffeb928dc396cfa53e9813137889622bbcfa6038e7f77c8d7a414

      SHA512

      9b3c60922ae381d95874012320669afd04721575798d9aee799056b1416687ac044388da63111a51961781225ba3a3301788c144fdabf3bbcfb621a7a7d58825

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1e45aaf25a91a84e79413891ebabd6a

      SHA1

      8ed4b2975d6fc6626eb8abcae391670711acf94c

      SHA256

      3bceb1d59baaf0f4badbd48311cad71c889eff0a07e6c0ddba94eb1d934bd4b6

      SHA512

      66403b2423f791d0b24698609f624f717bb3c67ab894fc81dbd93248f9b37287561b7981d2dff00f35bdc8f6dc78c595f95dce219e657536c4ddf3cc05091ac1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a58af5b3ae1bca6e16d83c7184ad1ae

      SHA1

      b804fb85bc83a6e67a97b613667141730685175f

      SHA256

      bb840387ebd25cf25ea777482d8e0d43e9a3e7bd44bd33ad28009869a64066ed

      SHA512

      89d9bace8191ccc320db819e43494c2496fcc288cd5e2ea9a565e1e1edf1247dbe7d0f2bf49a76a47c540de92d68532de57ddbf0bd0f19c36d05fa5f3e64ca78

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0b00ade613715b9b5f9c25d84243872e

      SHA1

      c3fc607bc98633b98dea3e7f055a56edb829996d

      SHA256

      692385f4d31d8ef863690e1405ae15175d94c85dd06e79294dd6069b6cf48c62

      SHA512

      81ffe8a08cf02b83667a4efc2c251841b44ff2206bd6b0d654a2f9c229b16ae384824b4d96f0ea3c8f46482e80571b133d468bd85e2a4a79d583743993d57284

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      21be9d8cac48f70ace015ed6146f20c3

      SHA1

      a0724e5c7ff951f1469b0142976346ae5aa9406c

      SHA256

      1faae2edf3525523673f0ed0dd40fa18d944590aa04990f7aaf412cc29bd7719

      SHA512

      7241431784a0a5249f10c6e04619ebd846648383ebed1ccae169af2c4b1576354881abe1a141f0a2bf9bd6771a70e41c4aa1d7a6c80baf133752b7e3c7ea36bc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      47d1fe024cd2cdf12d7f488906572d61

      SHA1

      ac3e3850124ca06e11b5eb37ce1180e5f7aed61b

      SHA256

      2700cb0b4725702b7fa7951b046b840037248e7e4db88229b4016108484e4cd9

      SHA512

      5879c0d882202366e3c311d0f7b18e59222708b6bcafce8bc723d9c78afe36a758a34bbdf596a3e649d71c5b5d51097429c759e6ff5cbe07d79a5f500dc3219a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab7A4F.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7A62.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar7AC5.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1180-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1180-18-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1180-8-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1180-4-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1180-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/1180-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/1180-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download