Overview

overview

10

Static

static

3

885a407488...18.exe

windows7-x64

10

885a407488...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 21:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    885a4074884e031d30031f0e1a534bc1_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    885a4074884e031d30031f0e1a534bc1

  • SHA1

    ced39fa3e807c59bace51cccc3a1bb2309ad2b1d

  • SHA256

    90cd18e755fb9b71edc7f08c4ae390dad7af8c8d765c242746f1aac6a4da6287

  • SHA512

    04d920e59b74b5efe1999c207ed06791bdac79ff56fdb4269f1b380fef25cbd58487b48af17d480d7d4cab527fa163318101a6b1b25ab3333ba5fd404bcebe96

  • SSDEEP

    3072:9/ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Ddp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\885a4074884e031d30031f0e1a534bc1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\885a4074884e031d30031f0e1a534bc1_JaffaCakes118.exe"
    1⤵
      PID:3016
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2212

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c2b148b58661e9c64768e89601b178ba

      SHA1

      e7cf82ec396f104866844a04878ab0ac3c034ca6

      SHA256

      16c8a7e59d7481b82f80f96ebcc58501c61f69fb31f9b4eaeba611d9e717b58c

      SHA512

      33a4dda6d0bc4d74b6f7cff8b9fb777af047615aa9f232fdd6f48efe5eb3bba30409a5b16f8ef5c4a756f697aced9e29ab2521bcc3b08412078694d95367a9f9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a5c5871d08d4646c671d1fc28d832e9

      SHA1

      6939ef587b97baadf688165d9e843f0dcc6cba37

      SHA256

      52e52596562044d1f7b14a713017a0971f0c99033072f502ae348b6b0ea31a8f

      SHA512

      6b4dcacd7de8c33198bb252a20a0c9a8c8faf6a485b1551e3752c7f8e3b21c76f8aff19a4db3c8653a4ce04be672921dc9d1e0d55132e263a2e7414add6760d2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      85a8cb672573c6d6cd917bf8cd337044

      SHA1

      0eba5d52fff8585336bef0972fc7b6d5bfd8834a

      SHA256

      03ff921b431c442bd3e2530f8b124f77a5a566d461b4f7ae00d7a9c072e70749

      SHA512

      fc5a1685e387b710547540076bf61faf835e36aa072ed4b082393f1f2157eb8210969cf41b194458638e8e82855cea54b2553413c49eb04157c1f71fa724c3c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dc38c98471e0cd9d7ead703b4f2b3ce2

      SHA1

      10de0e28c762806171044d2137b05468acd56436

      SHA256

      fcf289bb50a8c936c753eaee5f91b4e5373833054cbec1c21b2fd0dd583ed8d6

      SHA512

      fbbacc1e9844a0eb80bb55005405d5891994e34b0f59eae91d4a46d8123ce8e7677a83c05cb4cfc6e72585198dd769654ece924c8ff1c71f0ba66dc454a149c5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8df92bd4b9ca399bc71b16afa3d4157c

      SHA1

      0083334c6f3178edaf378eb23822ee846c845c81

      SHA256

      24a7d23dd1001f2a4ec11a909cc669b9ab68739109c64723bbb7e1a805651bca

      SHA512

      a86224317d23b2a2c808a576ba892646acb157ac1fb550e55d86908d193ca31660b0f40c832e1f64b0461d065818ee02b73df3858069a53c8c5faaaf279afd1e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bed4e313c89ed66a89808808feb650fe

      SHA1

      4952815fca3a211229be228225e0cff2d6f9a5d8

      SHA256

      0c0c024515f88fa73669573bf459ddaac03618835fe8fd4fa6fb67c3cd13b237

      SHA512

      6b8e394038ceb91b0965c97cc368a89168a54d7ce03de5358fbaf67146a3a9fedd7977c1228a3987a06cc200ca91758fb39929b793522b3c7eea6865e36baa39

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8b9c65ef62106f99812a5c8cefbb35e3

      SHA1

      0cec2cc195afe80fbf89311fa21544fa80e3be84

      SHA256

      fa18415f68572fc9a25fdae301808f640ba611ead3d2b9939d0d184a1ac7de95

      SHA512

      52980f1725b7f4b6b1b5c1a0e8755b2386f7bfb3f6e568e54036b6a2c176b0039018e0f653742baa4079835451b0f05cbcaa9d8c7bf0273be6dbafd3d5a02811

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2c44e2f9ec3544deecdfe74a5d51406

      SHA1

      3237cfd17e735fa78dd12fa823991cd16c05e8e0

      SHA256

      48800e6a82436d2040b1864dfd204017a874608b326d63ccead861ff84714ad0

      SHA512

      f8322aeb37f1f0314f969c88faeab69330b21bee434139dd069064f59e6c19f63a3b501810f65ffeeb057a0ee66ca026b6bc566f7be4be4093625369bb34595f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      922912848094fefa09b06374437cef65

      SHA1

      2d8380acce3a8a993e005d4992f854bb9fddf42d

      SHA256

      3cdfcb5eedeb611dfb6ac73202205a0a3bb00d8dbbb4144725150b569eff538a

      SHA512

      ee9a1f34ca34449bc0c43650e95ca416c0634f6fecb32b18ecacf41b5757c6714e24e192eac47bb2f81883f114880fb9f648f4f7aefaf5fdac3b8e12a9af19cb

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab8538.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar854A.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar85DD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/3016-0-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3016-19-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/3016-8-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3016-4-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/3016-2-0x0000000000435000-0x000000000043A000-memory.dmp
      Filesize

      20KB

      Download
    • memory/3016-3-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download
    • memory/3016-1-0x0000000000400000-0x000000000043F000-memory.dmp
      Filesize

      252KB

      Download