Overview

overview

10

Static

static

3

8ddc8050b8...18.exe

windows7-x64

10

8ddc8050b8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    02-06-2024 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ddc8050b86ecca719e1addb557d408b_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    8ddc8050b86ecca719e1addb557d408b

  • SHA1

    84352f82fa725ee3f121a0ac49a0ed8c78abfe14

  • SHA256

    1a6dccaeff5a5c99ae17c5c78bf370fd759386061edbff77e875225d908d1325

  • SHA512

    92b53c98fbae11bea29203a967f37c60999923be640ceb3203b3d72db10ca1549bb343a0dba64766215e0260a157084f8f8219c00b6bf7bdf4ea70a3d743eb31

  • SSDEEP

    6144:4VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:4VfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ddc8050b86ecca719e1addb557d408b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8ddc8050b86ecca719e1addb557d408b_JaffaCakes118.exe"
    1⤵
      PID:2400
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a4d73f4a4f6262c1b87b611faa42435

      SHA1

      24e0653f42d4e333bc9534a00a729726c2b07832

      SHA256

      7c0b1851f39ea973c83f8eae49ae0b9868dbf39494432f346d9c9debc0e857b3

      SHA512

      359fdcf0a00854d7c1e53eec8eee145de26984ee15bdbd22b62d0bb6358262752653fe9706bc17b104ac415fbc8aa0a57a8b8836806e75df0899b66793b57cd0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0386763d231847ee602412637c90dfe

      SHA1

      9e2850b4908737d27f8bb5c824ee7c3dbe1e0252

      SHA256

      b85e524adacd55978484018d472e2d9401717f3d35e0ed71427c36234fbcde4f

      SHA512

      7bfcf465d0d4cc4f4c3ad21b74cb7a35a42d9f8d377817cd2c47ef468634fa757193feb0cc49d94d395ea095bcfcd2dfe2589d0d56032c5111f4975425c8fb13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ebf069c11a1fae157e2b6f870f076634

      SHA1

      ce949e68a576dddbaeb10e4efd0b0773a58dacd8

      SHA256

      b8f69c9fb5455f78ee416534d64a4f7e2ed277ce0380fc969d07bce283155825

      SHA512

      a8248d47f416fa28f8b6c936838fa640fd427abc2607bc455b4018587c99a2dd6494469ab3fb220faf5013fa2e5fa46e75c3c11bf50ae36b9225ddf0f9d146bf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eac935d897ec702d314ac57ece92f7b6

      SHA1

      1cb124a5513c05a93102615cffb9bcff85842adf

      SHA256

      b01281c03efe13e4a9272781f5c3d91171a6838b073355311259794e66d98a04

      SHA512

      3a5a40c4f26650f9fc3f3b419c44b53977e8a0d33648627e0044935fc5e6e244d80d09a72cc408321a80ee28f6028c152c95c12450026e6ead7892d5c61cdf80

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d008c6059e1e5e55e9789e2483e6edc7

      SHA1

      c9f4169160bd889a3d90b733770c20ab466cdae1

      SHA256

      372ee8bcd0ee8cb239a6cf00427b23168fae9e8a60f4fe67a9ba83ce33ba8fa7

      SHA512

      3f8a7bd5e699e91e250a7b51e4ae306817c6e593416db8c467436ff7b5866b63572f60dc2b5442a51a52f47028214aac2c5821a8f63965a841a3de8a68d0e52d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      143a8a2eb5ef086eb415eed16fca23c4

      SHA1

      184b1dbd3b303cd0c789f083229e9be5c322c232

      SHA256

      411367cdef1aafc0d23f60851ab67690e3b7a820b9dee8d1a563d4afb352b1af

      SHA512

      104208cde5b6fc9b082ae2b5eae209db8319f06bd4f79bf644a47f7cb77f97f58efe82ff90f6b8cc15a4cba8787fb816e4aec928fb0e596280d49881e1806a82

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a976d0318793f17612185df6a4a5d07

      SHA1

      432498e0debd3e22f4500ded7c5e8802b85c47f5

      SHA256

      078b52e43cdbb0ca584969222689a529f9cc158dffeec4a6c1c878edb734d4a1

      SHA512

      4d8450f1a931dd2e777daa230ec8a47b45240fbc1bc34cfa5eaa9afcdcda4ec33303711095fa2c9de983ea5667aef00322c79b803c3f32ae883fbde1920bc416

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86794241c85f08cc1311d4d3673f6416

      SHA1

      c4f9c7b8f1410431f35fbcd38eadf3726449bc71

      SHA256

      95debe6db9a77c34324b351e84b482cd068cb0f0bad182aac312370a8c1c5bd2

      SHA512

      b41112b53482c8fe7510e5cebe3a8c80adc26c05107c26e80dbb57449839c12a0be7312bd1da4242c11afa2fb4024144230ecd312617f32260ec7b1cf53f8a35

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bdcc882d65c2756ebe1128447a387e63

      SHA1

      6df41f1fa6daf79b9f2f51d40c4b8696e704231c

      SHA256

      bfb06c58072e78dbf5f192f34dd3ed8954de8b00ae2d6662c651b1c698dc6735

      SHA512

      b8534fcb660604c11b8463b671f5e344cb0f59c9ca4175dc01034468ef552b92a11757093b52f909910fb3606ec6166ce75ba3f1ceb4b876b3496a498485d239

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA6DC.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA781.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2400-0-0x0000000000E00000-0x0000000000E53000-memory.dmp
      Filesize

      332KB

      Download
    • memory/2400-6-0x00000000001A0000-0x00000000001A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2400-2-0x0000000000120000-0x000000000013B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2400-1-0x00000000000F0000-0x00000000000F1000-memory.dmp
      Filesize

      4KB

      Download