Overview

overview

10

Static

static

3

98b18cdd57...18.dll

windows7-x64

10

98b18cdd57...18.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05-06-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98b18cdd57be2e9c4cbe26882dbed293_JaffaCakes118.dll

  • Size

    397KB

  • MD5

    98b18cdd57be2e9c4cbe26882dbed293

  • SHA1

    1e97f13752d17288b8407d7a9915272c29ba7086

  • SHA256

    b08cef1d01353f794ac2fe61edc97100fbabf82bc9489288c1d8c30fe8221822

  • SHA512

    eaac08996089a7bf37f506ac253b69c7bf3fc3c09811f3814f0743f7598639badd17e3c3c7edf99b4496c096758199f372687acf14af261a997304bedea23012

  • SSDEEP

    6144:fWBPIXnZ8w+PS1s4LsdAj9Js5SwwLBYkgI2i/goeyn07+BKgl:lXZ8wWSi+sVQwot1/Rey07+Egl

Score
10/10
gozi2200bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2200

C2

api10.laptok.at/api1

Attributes
  • build

    250155

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    730

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\98b18cdd57be2e9c4cbe26882dbed293_JaffaCakes118.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\98b18cdd57be2e9c4cbe26882dbed293_JaffaCakes118.dll,#1
      2⤵
        PID:1288
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2512
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3060

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d40a53f89477f396d5ad4acdc3d163c0

      SHA1

      fdb6833f27399b9fe8ed0b2a782c33b6934ce393

      SHA256

      e4cfdd719fc913dc1e1018d212f0478df102b961b593fea7ebe68755c95b7f82

      SHA512

      49b986bc4623143b61ac1942a99dc47ac66e16d52bbcc2e7e74bad68e1ab993994823a307775a5a89d361c54a03b74dcc8823a1dd4a3cb718c13814b425a9fb6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5df5d9bd8cdb7e4dcbb02a0c8cc88a7b

      SHA1

      7e20a0f4b97d136ce03ebb54694e8e0b75d01445

      SHA256

      bfeb02672ac191120a5e8bfbbf69442952a07588a48815505da09c67ea97a682

      SHA512

      8948a09dea2506f4e13b2a073192c9bb50453a61a0f7e23956a65967333a1aa75309c331b283d8505ab7aa2597c40ea87481c945cab2a268cbeb93f3a1f40028

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c4939c20dc2ce4068a281f779cf1f068

      SHA1

      ab492bf56ba3ce92c68eba61f73a61654bd594b2

      SHA256

      37f9db54f2145f991249ae0d04651f1e4b784f5fd25fc8ccc8c7d42d10f04da7

      SHA512

      b888f8613c3c31047516abee96d8bb959662a468c1c66ac2b0100b67b5453ee2a40560b69fb57a29f43a5428f2c214afb3878edf6dff12f2a2f22081ff539057

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8108978de19aba0f3a2ed45af01c2e54

      SHA1

      0c91b3e67276408c5ac6ba8b3763a6656ffd0209

      SHA256

      8f60bebefc09c661141a627fa9693ca51a820f231e1424e9ca25d1a1bcb45f3f

      SHA512

      25402c5e3f2404b49bce04a965d301c99efe5b3004130f88160ab4119934882f85f187341079ff329e9f82d9c3d93f03586872bfa109cd90786d15a4ff913177

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15596f14af9e6cd49dbc0ffa19acf142

      SHA1

      ea0a509347cf2b9ed23d0017beea7daea4d74f68

      SHA256

      6957568b1d9bc44665c288570597a58690e741bd6943a25459621bbbe1ef1568

      SHA512

      e063862967f2453026d5ff7634d43e6877707dde92a02644029cd178ab720d4b2b141f6ea9586a98b08a08c04aa9111184a9738ed54b2aa5b6c8811c778fd66b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      75e58759e6192442ae254d23da3eed64

      SHA1

      1421cf4d980d1a1d26928dfc223a0e7ad3eb5a89

      SHA256

      3321e2d8c685311f9bf55b29bc1ebb086ecf731d79cf0be9922bdf966e6aa997

      SHA512

      fef70652adaf43057f726a8aa27eec27aa25d7936625894e7641fee42420a93b2f0275b3da82b7cf7f5d6841bfc9cffe226b80dee2ed28e94e8961097ba06890

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ffa49c679a323153bf6e32798c0e4055

      SHA1

      15382bc95e222e60c23a0b68be17e37db95cc375

      SHA256

      d39cd18233f0406c70bab80a99bc65043c46d2627b98ef234de43646871526da

      SHA512

      8fd8dc574c10b270a9e65fb0598cbda55eac7e47884324e1095f99424d00894774c480a65c66e5d005a9ded2b2a331e0de3b80c524a4eec54619da43342cab8a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15b695fc514a2c849c57d9c0c25aac55

      SHA1

      4e24a01256de59f6211a758c05e924213d4b1328

      SHA256

      6cb75241ad46f47339abcc5ed44e79667223d4ce2d57538d548264d16364e9b8

      SHA512

      663836030aaf7ec9deafaca94ef767c11b8fc1b05a37932a41d90b2140ae8296240aa013551dd4651068148e1b3079c8440ab16080958da13cb034fffd0dac52

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab22EE.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab23CD.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar23E0.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF3DF51A303BA46034.TMP
      Filesize

      16KB

      MD5

      c3b3a57a1d365b6f5e89e18c2005f34e

      SHA1

      2c4c2e372524fcc65ba1acf6d1f7daa271202b27

      SHA256

      eeddcfc60f5c29f33f84c190c9f161aa2a900515f533e46ee6d46e151a576966

      SHA512

      2e07fe5bf0e13fee8b857300983c58da14249cea221e79b984683e1889cf756289da16bd94d2ea99dea5526bd34afa30ce506a359b3a004d8bf42f791ff97b81

      Download Submit

    • memory/1288-0-0x0000000074232000-0x0000000074236000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1288-15-0x0000000074232000-0x0000000074236000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1288-7-0x00000000001F0000-0x00000000001F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1288-6-0x00000000741D0000-0x000000007473D000-memory.dmp

      Filesize

      5.4MB

      Download

    • memory/1288-3-0x0000000000160000-0x0000000000170000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1288-2-0x00000000741D0000-0x000000007473D000-memory.dmp

      Filesize

      5.4MB

      Download

    • memory/1288-1-0x00000000741D0000-0x000000007473D000-memory.dmp

      Filesize

      5.4MB

      Download