Overview

overview

10

Static

static

3

9497326cb1...18.exe

windows7-x64

10

9497326cb1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2024 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9497326cb1d85cadcb428912b8029072_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    9497326cb1d85cadcb428912b8029072

  • SHA1

    07b236e7ab0028c7884d5ad1f4a3e045a4abdc16

  • SHA256

    33b6b1e5d890bc458a7eb8bc22602e5d6c75b147645722c30b917a70b44f9a0a

  • SHA512

    80782df91bfe9f6093dc1cb7b7a6984303c52e1514d6e69364e98b237e8e93b79a44907fa3dc9e3883e563d16008a597df85f39c8609cd4d07faaa65ffd03169

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0N2L6BWnqR+yV:BHXDy1qVvZnOe/HEyooWGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9497326cb1d85cadcb428912b8029072_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9497326cb1d85cadcb428912b8029072_JaffaCakes118.exe"
    1⤵
      PID:2268
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2580

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a33714adf121349a99b39e868e66d344

      SHA1

      d8c66001a695ea478e2bb41aeea145237947bf69

      SHA256

      3b698d4bf20381b693c1584c630751dc264f2f624a963f7f1b8d22cfac83080a

      SHA512

      20fb4243349dee872957a8061b4fc622391a473e464f69490fe408038cb69022749755524808c912bb477f856649161986b7b36ea0dcabe8b6f2c9b57a80baac

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4fc06ec2a59720a363017888de972c50

      SHA1

      05a50be5d342031642cfdf05f5c462c4a186be84

      SHA256

      e9c1010c637aa396b0fdf847030773ada753d43c7c09f70df8b34e43e788c03e

      SHA512

      24331fa1668e24872fd8c5bf908d4d9f2cdfdc8cdf894b5d05b1f1bccd227191e93007475ad423fd0f987a5a3f833f5accff5383ab991fb1941af885f988008b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a603208fc0297585e3146eda596751a3

      SHA1

      d4bbc12700ccfa1b553fc801334820bcd90a4d64

      SHA256

      4a41823b8af817fa45ef35377494877b856e1f6c812c7b5da6e131cd774db13d

      SHA512

      f8b12339f9730d30d3b7aa424c218d31225987599fc92baf39115ece609bda16f7491f1cd02e2711291a369ec8c2ec944b06c9f91c4896d8b12367016bfc200a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ce47b1ca4982e2534077b87aecc1ac23

      SHA1

      92dae5020ee34bd737f3c9afe8890ef342908d2f

      SHA256

      a7e0df69a9af6236fb3449630d07eeeb0efd0664dd4ca2258d1d387dedb9e314

      SHA512

      0dfb1c2a95deab1ba7588195648d1cefd6e25b1434c966c84c46d03d02f5acbdfa4ef05604b91981308cd1a4f5fa7d79c8d5acd8c1d738d9f7f5d0fba90388a6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      503eb9e9204319b52c10bf085a6b3278

      SHA1

      0bb8695b6e8d2e51d7ee8401b32aafec4ac30110

      SHA256

      03a044e66a34af4833da33669268eec15fa989b06f6543f683726182e4e55ff2

      SHA512

      3f4d4955232519c74119f3e32d37a0d0c1ebb66cb6e37c7dbfc464f15834d871094ae57d51fa168b729e0803575a04bc5c35a375a5ee68147ef9c7777068c3e2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93a2bf96964145fb96149fd070cb347d

      SHA1

      456deaa025b880ab750bb13da76e5b5b6272b909

      SHA256

      ba7f3a9eb79d95a018309fb9e3edddb928a76f942bc493c50514555b5cf13113

      SHA512

      bd413a6ff045114fd3e2c9f5e8dbcfa7ac990a1547c430df9fab37df7d7ecb7255f63b74542f8bb249a5f0b02380478b34e98505bab8c2ae1dcbc436da7a097c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ff57d2e257cba40f68c56cc7efe8635

      SHA1

      433b1665fc256a62a8b1c33c20ef412bd45af230

      SHA256

      e4c6a743cb024026a56dbbbadbd8f0daa0a745771b4c9c0e851cfd23b7a89c4d

      SHA512

      fa80e34907e1897e7aaf5f67b5e231a03ad922f5740962ec8b503b3e5eecb470e80faf8b707b92233b44060945264cf16723a4832c6b790eaee7c8c5c823b080

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bc27d7f471023e5ffbc5dbf19e48ed92

      SHA1

      19c8bcf030210ba66999f131c8402da2fffd25fd

      SHA256

      286c6408adfb027a7292b2b254fffd3a371da8f0c1be7f2777ac3756a4f7c0ae

      SHA512

      a703aa2e5aa42998f098e333c2fbd5ed07413316d27db29bb742dcf379f28d4b8f43268ed5b78a92aa753da31f7fb3f7fd0e2f8d6c33fa86b92d317f440ae0de

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7f7fe4220ce6fa5ff4a1c337b630f3cc

      SHA1

      f12be2153fccc1611508b56751c85dcb528d2e8b

      SHA256

      79c6896112eed8ee9b7e56f0334de85f415033bdbd19eb266e967cacab136ee1

      SHA512

      113c705cdc434b1c08ee3b7cfa1a145905035af0e06841146660e7baee12fb469beece09acbd506e6451a1b0e1bdacab15e7b104e3a76d82521e272d2b47984d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9770.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9882.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2268-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

      Download
    • memory/2268-6-0x00000000003A0000-0x00000000003A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2268-2-0x0000000000260000-0x000000000027B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2268-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download