Overview

overview

10

Static

static

3

91ac1712f1...18.exe

windows7-x64

10

91ac1712f1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 11:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91ac1712f118587c9da912cb877ec59c_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    91ac1712f118587c9da912cb877ec59c

  • SHA1

    7fa5ae9c3d4a5bed6878219adcf35ee11461ac3b

  • SHA256

    99c091acd8bb058aea0b39b0e85745ca0eb648b802f553360a502e08d5a024a1

  • SHA512

    703b66f5d7a55c22402be7b9b6ff2d39374a6fadb57b64f66ec5ada450200278bf6eb2fb76bb7472dad0cb1e1b614db9aabd1231cef7a715eaad3edf1ba400b8

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0G2L6BWnqR+yV:BHXDy1qVvZnOe/HEyo1WGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91ac1712f118587c9da912cb877ec59c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\91ac1712f118587c9da912cb877ec59c_JaffaCakes118.exe"
    1⤵
      PID:2776
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2440

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80dc222405de630db84ae3258a6c960a

      SHA1

      15d9a1e0442dcc3adf7c733ed2285aa3c2375d9e

      SHA256

      a254bcfbeaed75bb5c9eb5aa91004e4e724b597ad340c56c9ac5b7cd31f1c05d

      SHA512

      23883f62c3890c55947466f8ee06d2b6fd50db4b2dccba678a6bf40b6aa68c47bda47fe3c5693b5d80dbe61b44cf1099508b0f1f7f9e195b676d69055bbcee93

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7837637af1fb17f7bc0f89c0b75164cc

      SHA1

      a5463560261d9ad4a5ed6333bb3fd7547eef0def

      SHA256

      f79c76de8d9f483d6eca113a4a6472ce33a1bfa424133899664535d03ab313f5

      SHA512

      4e6f05eb99a0148ffe8633a408a892f359f883191f71dfb4a72355acb5c43902b42cde9af33c49e9d886ff43c8fb04e250526f525170eaeb842a6c68408a4e17

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      80929182e4501f99f731f791abfe2802

      SHA1

      7d3684efeed3c900bed0cccd9c3b048d5b5afc90

      SHA256

      6e4d77f4824cdbe14138bcaefa983ff651cc15caedbb5f7bc15ef6743787fd7d

      SHA512

      ecae2ed06b30f6ae30179f8d44efec6c44d031c867737872c45a4774a0deda9395225a9a9d51b49ab4ce49e851a1db33c253e2035df6bb45d1653a71dca53711

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d89a5964ce40f2154da9a0c3208d181

      SHA1

      54673d3dc34d86a5caf9e5d1826931877a86193d

      SHA256

      f333620a2fb24752ddbed4b088b79d9ed37494ff7e57f0affb8d30c40d5576d4

      SHA512

      6fb23f887713d6766267fafd5068d8427dedc17f3fc5826d898bf4ddd19b7745f2a275c2feb50164485cb2b1aab1e58f0ce6b29baf63849b12bf62fefe1b6629

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8b9c8a7f8eb9ef51adc8058b59610ba6

      SHA1

      93dd11a13d03aa992abe9ad5f4d0b96d30a5d103

      SHA256

      4b359c2d34b138287e349fcc0cff141d75f8f3920cb0e912ab24d14ebdff8008

      SHA512

      1113600bb9ce4d1ba3548c3f179b85718b2215675e42856eac943e5e63eb472c2de189ed370e6069203b90e265fd7eb5e46444ffb6d4fc1dd9bfa8e12d37ccdc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      95e8b599f4f1de4c6961e8bf012d4728

      SHA1

      cc28c14307a20c481de8fdd65f5665c847ffb704

      SHA256

      331af35e01e1d402280b6f1f7d4485e47297ce1ff2a7c9d54af1817a102b54a9

      SHA512

      89a7a6a93ff80fe132e96bd303e1ec911c3fe4dd7b8b61bd3c852bbc357ab32c25f82705756cbbffaf9ba1aa3ed1620fcecf7dd4257f6e38ce081297712fb2d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6fadab4813397b84f5576daec674b8ac

      SHA1

      b1eb73b6f9580f1f5f8d37b6509550f1e4588bb3

      SHA256

      5597c3ec2cf3fd1400e1e599a11af20622e305341b0c8746abe1c8f8f736c3aa

      SHA512

      6b0eec5fbc4dca36f28032abe127513f6d0ba9a87916ce3f9223210582f11e9c0d0f034699188023916f9fdb5c94d8cff9bb5631097fec049c069c411592ace0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b52735d1ad5c37e5fc8508224b2161c

      SHA1

      3ad60c060cadbffd03fb6221b0f966eae3cd2285

      SHA256

      5e4ffbcf7e210fc45d34547a77dffd326528ecf5117accccf7174d91226a65f0

      SHA512

      49552e6a1821f1d56a6336060f0c9efeabada52744467bba7a02b1c04d46acb9fb7121c7a87262c155026079327ccfe6607b5c10317f42576302cca3d5ff45ca

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d23e661379eeb98775617844c4f93a49

      SHA1

      d699c16f72f8903fcc6cdcb587c4593793d0f3f4

      SHA256

      6830d0bc3f941ae057ac27d51ae7348f6ebaf8f72d83f5c5b1b62854f1b4486a

      SHA512

      721606b2a0a52b1bf28942729de8c06332992b5311db8c8f0825dbcf45ff16a6b5b1856ee0ef2a902251131e4c467c97551595334bc762105a07473051ff45b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab20FB.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar21DD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2776-0-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download

    • memory/2776-6-0x00000000003B0000-0x00000000003B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2776-2-0x00000000002F0000-0x000000000030B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2776-1-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download