Overview

overview

10

Static

static

3

87de92e637...18.exe

windows7-x64

10

87de92e637...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87de92e63762f63c90448f0da5ea1ecb_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    87de92e63762f63c90448f0da5ea1ecb

  • SHA1

    9446d4f7e75b3f7d6d09724ef12e37e2f9e88987

  • SHA256

    f7d21fe3c530e374a6d4db622a1e36d5b23de2279a087976efc00d33b01e4651

  • SHA512

    87850a62f06172e12580377e0c7722d84bc15b019fc78a1b1c59cb6aa54099baa6a1f1102e031db6924b5f7c4a9b51d7a461f47803b30b171bdfe1a1f8f36117

  • SSDEEP

    49152:szlXFzryIbDDhPvyXlVzCskIpDRCbKkgmXW1Gd0WQQYStEZ8FLuro:MXFzrNDDhiXlVOskIpDRCbLg8WQ3Qn87

Score
10/10
gozi3155bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3155

C2

roevinguef.com

sfernacrif.com

abregeousn.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87de92e63762f63c90448f0da5ea1ecb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\87de92e63762f63c90448f0da5ea1ecb_JaffaCakes118.exe"
    1⤵
      PID:3028
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5f2af9d453cbe88d0276f9aa95b110d8

      SHA1

      f3a1598b32cf946ec026ed71693017708421ae58

      SHA256

      cc861eff9f227c3c860154e3495e567dc6e6141a38bf7a64d895a24cd686b20a

      SHA512

      a4bd73f3b84cc0a97120fd09b8cf87c4f90a678d5575ecbb2b119f12455592a58e50694e1cb00f9974c82cd99518ad2a98084e8e7025d57fb2fb717341081239

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a824b0cfc55c45bebedd0b28ce8fe55d

      SHA1

      67a61af46f18817e9506378d2586a6f35316e144

      SHA256

      6503fcc6524da4d74611e7d32c0c6ad089011f22bf7947c6700d79c7e1fba86a

      SHA512

      7224890bd9c1024729e52fb97099dc8bf3efb9a1e5fab63799792834ec40852405b531ecfde5f0eaa5e0b304b569e70149b7321845c0a541c8a17a0e3881f310

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a9912459af90ff2f01aa79ae10589df5

      SHA1

      76ca2a473931c3f68c40fc1e65cb3fcfd4b5b630

      SHA256

      334792dae156b9b1c6a3474fcec89f2602a164f74d319ddf3f9bf1e340cd1a08

      SHA512

      788cfe971cc36fdf2318afbadad3443c466172945d80bab14e5baa6c7f7b891e1d3a1915cf7e2f20f0d6619b12dc7992e487822889eef0fc5f60267318767aec

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6a4788f5dbe20b9b53221e14049f188

      SHA1

      8ac1fde26feb0d27fb376005ef0711717c2b364c

      SHA256

      c889f16ae788eeb415996812a05c6c15744ea3448a053198bee2d5f23789e316

      SHA512

      2efed055cb263aef80453de236a1f7cae64f0d05f010052df77a9e89999b558e8b6580776cd6fd5dcbe54a070431488a3f7ce17377a7637a3dbfe83369c466e5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6f810106072f500a1a1d47f657c8ce79

      SHA1

      5745a1ed078242917dc73b63647aa040a58c077f

      SHA256

      5e8236ee25dd80be5c8f4303b468dbdb929342d40935d50f338a98b98a3aab01

      SHA512

      35965aaa3051b11e2608f68f8d16eb663ddd2306ea5a6d511449b1eb2a099327e5e263dc624644efe7438ab8d11d1bf53857688bc4d5405922998f35e33d3a13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      12a6275387c7478c4456d204122bd8b8

      SHA1

      05fa43835c7b901e1daafa3673d55ae464df774a

      SHA256

      3fbf8ad9950f8bd96f216711ee9f117d6a960592ab17ce8f6944701c9fb04998

      SHA512

      6b8673acefb9f32706703248f4df3cb77b67e7ace9f8fcf080f9fff613f41d490f66fdd54af9e04a273068fef6b164ec7923186d4daefbb9e31d0797501d5d7e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b907e403fb41cb387df4707fbaf3322f

      SHA1

      1b37069992c2984cb2634ef1c88d1c2c8644682f

      SHA256

      b474cfa4ae103e04019a1f0dce55e609587fcf1a808bcc82d1b77860aca476f7

      SHA512

      1582de43f8a39ea21f6895faf8da2e27ceae33c731fb82f33b0467c46199cc3a6957655328cd9f8678b1d890911fe9e071fb8e4f60ac12d73bee2fb4828d0de1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a162a16a434d9450886507edaf75aed

      SHA1

      bab16e372c261e70ca97beb2c3acb8e1aa8116f8

      SHA256

      a2bd255e207c22011f15482f56130a6a7f13586537780a06305b30c9f73cae12

      SHA512

      ce4a6d390b4b9af549697731b00a442762c5ba02d1411db387cec8ea5044dcefa67e2da6283bd2a54c0078f197cf3c9eff4f3dfa3436dc093caef2b731f8cace

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      72988d647723514334b5532b23d08afb

      SHA1

      fb688ce2efbe40ddd6cac53639d928bafe6a9ff0

      SHA256

      083eaa254095b21a5851c0529d0423827923ced68d8b1c6010eaa0e3cc4358e0

      SHA512

      c1f4fb3ca7e03dfa1afc16681f786db5355ac9e00770aeb944fb60ca30238bc1b0911f6309ebd32ee33a41da5448bf0af93fe4189f5a53c20b9b7e81d45683bc

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9D7A.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9DDA.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9DEF.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/3028-0-0x0000000000180000-0x000000000033C000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/3028-13-0x0000000000180000-0x000000000018F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/3028-8-0x0000000000350000-0x0000000000352000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3028-4-0x0000000000150000-0x000000000016B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/3028-2-0x0000000000306000-0x000000000030B000-memory.dmp
      Filesize

      20KB

      Download
    • memory/3028-3-0x0000000000180000-0x000000000033C000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/3028-1-0x0000000000180000-0x000000000033C000-memory.dmp
      Filesize

      1.7MB

      Download