Overview

overview

10

Static

static

3

8b79fe47ea...18.exe

windows7-x64

10

8b79fe47ea...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2024 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b79fe47ea940ed43e4fc6684a272a39_JaffaCakes118.exe

  • Size

    203KB

  • MD5

    8b79fe47ea940ed43e4fc6684a272a39

  • SHA1

    46d03d4857b8932e03dfee3bcf360bba3e8fb52f

  • SHA256

    a3f53bff034e370c283827fca005a1aa64788aee1dce106da61eb60dc327fbd5

  • SHA512

    6daf80e5114933581563b9e52d2424060baeb2d8905914350625eb3609605980eefc09d92a81c436211b29fab38226444cfed08fe1871589a920eb678f97840c

  • SSDEEP

    3072:9Nji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Rdp4uPZzGonqXGXh0bluBc4GZ5

Score
10/10
gozi3162bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b79fe47ea940ed43e4fc6684a272a39_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8b79fe47ea940ed43e4fc6684a272a39_JaffaCakes118.exe"
    1⤵
      PID:1968
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fb51f0207f857249bbea4d4bf01d9c29

      SHA1

      d359879e236116b63a8120692ae940a67a9ce267

      SHA256

      648b351a47ea1666c6c24c9c53551d60a72544b196b2902cd09fbffd8e0c6986

      SHA512

      04803709c6a6c394c4bc6b583d7aea8e679d33de15dc79033e3f8864d84b64ec9807a3af6ec5226607bb86d60266dce07861cff9c95d7e44fd85da14d4444a9c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ee369b025ea42409098613ec68be9b46

      SHA1

      82c5109ff98f08576cc154bff8747ef41dd3e183

      SHA256

      4329aab030b05a317bed6196c93021648265d51747a7cef20a9a35e552e34b7a

      SHA512

      4839af2c4fbd1dd8b7346bde31339f29d3bbf1395463a4e191ca645a403a02b68a0cda54a960727e0915dd8b52dc8bdc277aaf9300418bc9cbe5e2c672679744

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8900f1fa02f6a1e006e706ab9f6bf02e

      SHA1

      8a34fc3f8c0114177db6142ab17d95121ac70c91

      SHA256

      c3bc590cfa49294f3f70abe95eb2b3349ac0680523bcf5df07cd7e9011770104

      SHA512

      f1565a178914c4d70693e7413fca71ee8f4a6caf2d580e3fca9e419bcdfb869c4afcd1c1546c4ddbbdeb13ff175693859838832404d942c9edb557e99a07955a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      179e0fd4cf27f189a168545052d0fe85

      SHA1

      4c9ba8dc0d9a9ad4fbf80b60a4da5b9c31e4eabe

      SHA256

      8d4cbdecc06f9d1727de18da11dfec83dfbf1b733828e63b41a921e0843436c0

      SHA512

      84f7c58136b8f0331e588246ac5f36fc7a3ef6701d183ae6583cb69631b5e1f80070c460b0283b66743c0ff57d90e16e0a4271c632fe9a6c36facaf3700431cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ee7e747cc16280f7357bed77d466b5a5

      SHA1

      1cd4f21548c7ea3f9e24b7982fe33fd3442bd131

      SHA256

      6c6a7b649bd1f16e00b6d5c8acfc1ce9baa924045049bb51ac2d95b0057bc8f7

      SHA512

      cf362c0b15a45c6ad3fb2add30529d1a886115303479b7f3c1d6f4ba4a6dde9b53a1e80ba3741e6119292ff6a02ef5feb2dd3a0514f929c11d3e2e14ec8f3db3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5fa189352a785097e1a45b6bed11b4af

      SHA1

      33ca09c293a7fd09fb7c24b3344e1b149d3ca7f3

      SHA256

      49fa090f1c66ba64569f43f6cb462a8b11b91b9f475fab68f9711f54b01b504d

      SHA512

      41898e6ab927171db923537152eecbc9f56c5728a90f1c81f041b2552d96738b1f70a63a811cd8296a834f4537cc67aa461eed5d4f1bf0aa1a260e150278bd34

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b8849b539b04ea7c983c920e6bc1ebc0

      SHA1

      42fb1262cbd78d38129670eddb3b13c1e73f81ae

      SHA256

      995c4a5ad9efe5b5a0b19e3716bed68679fb828f477a617446b79ad23251d8c9

      SHA512

      1dbaf890ac8cddd3018e7f88b6485d09a7a07ae4196c2cca1f5d9d9a87b402acd661bbb740ddd67037863c09ad1c7f3afb7ab3de6b220f782dec8f3288de0647

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48ab5cc4369c0752a7a5e614e102db43

      SHA1

      8bb86312b052717a6a380a0879c75b984f8eb13a

      SHA256

      228f2f1bc207b1ee9ac7c73703d3c1c0845d76857720e3b16aa660f48074b100

      SHA512

      b5b9d334e1d70e029f58be5122654ddad8190187230f5138f2f37f7994b459fc1ef5adf4c9de6b576cb03f83216159df23b7123ae10dcdf6d754153fe2415157

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2686.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2783.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2687.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2816.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1968-0-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1968-12-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1968-8-0x00000000003E0000-0x00000000003E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1968-4-0x0000000000300000-0x000000000031B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/1968-3-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1968-2-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1968-1-0x0000000000435000-0x000000000043A000-memory.dmp

      Filesize

      20KB

      Download