Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-06-2024 20:16

General

  • Target

    8f4920968e4de43b53d82fd9e1dad8b8_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    8f4920968e4de43b53d82fd9e1dad8b8

  • SHA1

    cfcb94764426874dcd91965c41fc9ee106327907

  • SHA256

    c1fa03f2da11d307c6e2dd7c906d41a4e94478442ad94ae55ff381a5b9a320fa

  • SHA512

    60768faaea7dd22404d39fcf36a3805ea917fc77e38fa821043fa497e75464be3dacd805a4a9d1601f08fef3e937c51aa96190b7f8e25f383dec6c2ed5510fe1

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0Y2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoLWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f4920968e4de43b53d82fd9e1dad8b8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8f4920968e4de43b53d82fd9e1dad8b8_JaffaCakes118.exe"
    1⤵
      PID:1740
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4445f57363b0a3535fbd55c4d1dcfe3d

      SHA1

      84321c6c37d2090a93073abffa73bfe09188c43e

      SHA256

      df54a3b4f538d9c95becd3707b1c18d1b7d7ab88ccb80e2ce0d5bcc1df781d92

      SHA512

      843873114b2d69d91f113fea71c3386d62505ab9cc1ae1cc704f8ce9483a5656f8654ab1d4ad7ca9edc428ab1fd00f4b3c2f7b32dd03753a50b28b2be82af392

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      91a9882d8fd4ccee03d7945ed122c6fb

      SHA1

      724c61c5aa1fa2352a2845c22c4e99195ccd5685

      SHA256

      d0fac11f4bb2653766228bebb74ce26c902c7ef4aa327a3b850d87de2ed3b222

      SHA512

      eedcdf14bf5154723ac7b21e276e886f2b21f7862598ab25ae48270894162a1a13009de47ac61f670b8789c11b374ffa8aa59ca4e6d6b1c30e75a519bf98b883

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c8a9dd4dcb91f241077e35d740817bf7

      SHA1

      9b74a6b702195c6e34211565397bedd124787606

      SHA256

      f6bf50f01e34d1413e8233d1b53ef53f9cd0c2532231b6a42eeda9e0922de244

      SHA512

      0ddf9051784faaf05df4bf700e118157dd527d3ae8d34896fdda2e5eb701e26438ebdd84e2b9e4f5c44fe2f36d2d97373db6a7f892e6714a91bf4cd1a4cf3938

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      65338f235f4f0eb94495b1d7c965c868

      SHA1

      1b7775111b50af2f8a614b641ce7bd8cdfc09f98

      SHA256

      aedb60408aff94d24f77a3bbaf8fdb7393b789f40a51237437d5b98a8a22ed6a

      SHA512

      c3aaf5643ed6298f53f1cccd88d45efdcbbb3ecd29eb4dac957a54d09aa585e57ee97f59b41dd40f54c76bc041b0bd1f6bd7abf9521d1fd7109a122b31efded9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e1dc7aa5c3164dfae4620ded2e596b35

      SHA1

      dab17fd17f81a773bb93152c32b3ca754fe36daa

      SHA256

      3c07eb09ce5f42fac943abb1d30e6634213d4d33f9a7bef2aeb4421c3b917694

      SHA512

      2adfd44bcc73824794efd6f01fa2e7a21dda4c5d20f45228d8d68b1b365f2d29d07e3677760c1138cadc0fd0d474e3708567395e9e73e4e2949535208446d2dc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f0e3420acee1264a51d28fa3eebbc005

      SHA1

      596f303ecbca5f39b5fc071c32d0f790487b2ff1

      SHA256

      4b813e59bb9ee023b558677a78d85e30c3738cbde70df6db3c2a8eed7d713fd8

      SHA512

      40604edbb515b81f68c79f1b4361883047c2c7e16154cfb50c082f7dd1bafdd6ada35d1456cc30074620c965962c5993e34f307561165833ca940f0df9ed3701

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a0595bfaf5c2be57eaa33e258a4c2df4

      SHA1

      0664b5666df8a8ed190509712c777248da051f08

      SHA256

      108759076492c8094780a98ad266bf7a2398d90f2b61b92ccabf2160df9ab2b0

      SHA512

      0d41481a76ec69dc0535bb0dbe956141baeeeb77599eae449c0577e20abff6481b3fee96f97d9124c1e055528b1c147eda025982729c0b66040a7422f6978cb1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      642a20b46ba1be6e688770dab9f9aec8

      SHA1

      8793519a8969c4501e8fe19dd912cdc810df73ce

      SHA256

      0ef4389579b14fa2469adf8e1e4d44d81a29c3745cb480bdaafd519af5df11bf

      SHA512

      2ceb65ef9790d8b898a4e1decc195073342a51a27b00aa84f6b0d84bcf5e3d5047537de6af48663cfcc6ad25d10ad1c65e6909e7a9f29cfbee395d5c1f804c6e

    • C:\Users\Admin\AppData\Local\Temp\CabA4F7.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\TarA5E8.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • memory/1740-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/1740-6-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

    • memory/1740-2-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

    • memory/1740-1-0x00000000001C0000-0x00000000001C1000-memory.dmp
      Filesize

      4KB