Overview

overview

10

Static

static

3

8a0b3d144c...18.exe

windows7-x64

10

8a0b3d144c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2024 09:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a0b3d144c4a9a780b415bf7b26e2960_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    8a0b3d144c4a9a780b415bf7b26e2960

  • SHA1

    61a82b358728d71b38dd5156ff5aa92828daadd5

  • SHA256

    d78ecde6df24fefef83014d4fcbc4f61066592fc1385279828b548d090312fce

  • SHA512

    1cc3963209e53d88ed422bd05adf78f08c6908094a28221ea62efaf9c0fad817b7ba1a422a8213d7e6eff64312ca9b71acb6a59638f9fa0fa02dfe669cc92ba8

  • SSDEEP

    3072:9Qji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9qdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a0b3d144c4a9a780b415bf7b26e2960_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8a0b3d144c4a9a780b415bf7b26e2960_JaffaCakes118.exe"
    1⤵
      PID:1740
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2f4f5b333037808c86141778844aa6a0

      SHA1

      ed573bd0d2a267beff0c1a7e5b89b5c49c59b457

      SHA256

      43b0957e6e06a0ac7b05fd4cfb9a01a3671bcc7bc29a8da4b6e4eddf022d9311

      SHA512

      3c853430397cb82fc45c0410da19f6de45d055abed95f6e7774d30d912c816bc96577c18749d00d34827680b9a13aab048681974f33b0a160e80777f3de144fc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8ce8985b2bd3467ff4c1a1d03682e8e3

      SHA1

      40a6574a47c89e6a646bc35ba5fd3116668f68d9

      SHA256

      18f3d01bef1f9a9695d9a55c321d445eb05b0fa66619ec5d4af1d5e5cf492461

      SHA512

      0ee11ae03b2d3ef865a254b83dde7e0b2f1010e1efe857fdbf4489b01fb62912b5ce992f572c0b15dd88058c180588e0fb658ad80e405bc9887095de6003b888

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      091d0d5b233f6bd4ca7c1323190cc203

      SHA1

      b8a80c2d56a84d138f6e4e4509b7ac726895e3e0

      SHA256

      8081fc99e1d79ce73d2ca2ce5793de27b3c4a710c76df0c31f9e6cb0b7ceb795

      SHA512

      a5656e0424982cd8dfb9d31877b45c22095b4751c4689e52d07b41e124ef800d0ad48f9b3d5296cf3afe550b1aee059ac50f8ebd7824ab240f3d8e2d426cb185

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      66beb8f7e75984d04777d83ff7bad827

      SHA1

      fcd57ca6de96e944bd056e0428ec8e091c5671b9

      SHA256

      9636478bf7bed650e6d9b868926886a2c38a24ca2e8fbb77c9d13e74390d4fe0

      SHA512

      1cf53d058b41799b74e35519f76a1db9a27448d7de4822411ed8612a72ad960eb1cbf74dbd9971f299dbfb3a6a575cd40b3ef10e96a61420d0432fdf804c3864

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ebd8f513d0c0aa7a4851d77d01b4f169

      SHA1

      6fc19dcaa27e3f180e8f430b9206cb61d30c8e95

      SHA256

      86e498bf46ad45e976c2114b387594012eb183acac2ef7224d44f044685812ff

      SHA512

      7317a1fdf4721eeac13bef534e16234ae664ba04b8dc2435cdd137ea715ae84e1ff29c759d29158747cccc2f9a9f9be7ee3ddac282767800dba9ef16356e074c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      520cde4e82416859926272f704c60762

      SHA1

      4751410ca3475ad3ce92304e42a5ed6d6e9fd7b7

      SHA256

      38e8f17f70fd9a9a12028566c363f135b96c61afd5634f577658ea86c8769543

      SHA512

      5c4999a9185a57ea6d7e8075755ff7b796f178e73d0a3df3f348c74968185a9b2fa65e7d3ab3295f3e621ab2e86bf821a1003327727491d15abbe5a7bdf57247

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      486a6923a29fd53b6c2ca1d89cfe71d8

      SHA1

      541b97a8ef771ae22ae16a37223f4bccc584ffa8

      SHA256

      80c2896399547414613006dabb33ffd0d0c5b5f3f8737a68bf02b15c1a6eb538

      SHA512

      e04ee177394cab957d64c664e266257a229c6cc7d9c9ee585efc566f76289ab859947bcb0699d2192b8f64c30a71b48a446cf5e0b309d9053621154af5009ae3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2c18d21e964463af6a4fe9d49ba54fa7

      SHA1

      64adf72c51767748b3b381ceece9d29e54700724

      SHA256

      f510f9454de6c7c3c35c0d555bca87b27587743b09203e4beefd8b7ddd337964

      SHA512

      23b0e035e4bb8444afe678e92be7de291d8e92aa0bf882f634ab1fa1e95bca3eb8113c0304772279681b2335d0d94be3b39714fa85b7d3d39f52a91ad1dd1206

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2de36742274e0249eaf31758aba02b89

      SHA1

      9c3a2d5968591e42a13efc64f27e4d86bd5b7501

      SHA256

      3e76ba330b13af34ba504d406bdc9f4f72f448ba410acb0a06ef3d5a6eb0a79a

      SHA512

      0ee47b0d229484b20e6d6a373db72d36e0e20f81ba05c1fa745f98f9e078afcd1f2ae6a6598fb804e55fbcd56d303dcd5be97452d4626cad23a8061a05e0e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA7F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA7E.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC98.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1740-0-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1740-19-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1740-8-0x0000000000320000-0x0000000000322000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1740-4-0x00000000002F0000-0x000000000030B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1740-3-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1740-1-0x0000000000435000-0x000000000043A000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1740-2-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download