Overview

overview

10

Static

static

3

9fd1579cf1...18.exe

windows7-x64

10

9fd1579cf1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-06-2024 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9fd1579cf1541c953eacbaf3cce0de47_JaffaCakes118.exe

  • Size

    1.8MB

  • MD5

    9fd1579cf1541c953eacbaf3cce0de47

  • SHA1

    9b6c1182422a09257bebe1271961f28fee704898

  • SHA256

    7b2d0ae7c31282f5a52bd8f92c7e0ce46b0ae050b5853c87b57a97e4293a1f38

  • SHA512

    9230f7f9e68f575df7b8a11dd9209d34c592d947cc99e06065318714f4bd4d8dbf848dd89d62cfeb687927edbe8403ec98e050eebedcd45937f416aae7f8ff67

  • SSDEEP

    49152:4SuE3+trqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3yqPKIOson6Cslny8WR6wOHstehsC7

Score
10/10
gozi3184bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band
Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9fd1579cf1541c953eacbaf3cce0de47_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9fd1579cf1541c953eacbaf3cce0de47_JaffaCakes118.exe"
    1⤵
      PID:2868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2620

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da61396c49e00100accd855d9dc7bd92

      SHA1

      89d529a68c101ee2c3c5b337d2f34f7acef75395

      SHA256

      539540dadffa16a77fef15834901b6601230d961658783cd4eb103ab911ed390

      SHA512

      ace815672879730400198c2ad3b3e7dacdae8d0c25d930985a11a15844c0dc0d815b32b432acef402484254ce14cfd9422b194d7961eb0f89d10becdbe2db80c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2c157466c26686062d5bd64b6a11e962

      SHA1

      c0186f1bc9d023e5b68835c556512c9f8417a13f

      SHA256

      48569f49f0960a835dc49e477605bbb7f26cf66d0c3958868a81c377721f3479

      SHA512

      fb3efb2ed51be10277234041c60094eb246e83f3856968121c02aa9639d0d10d1350b31b9b33bb499db342a5cf0b89763a5a05118ff64ed102eff0f1e6c6e5fb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ace790b0e15cfb16ae21ffb79dec3aca

      SHA1

      9cd693f8ef2ef5085c5b3bdbb7556446852fb1e6

      SHA256

      cef1804b0aa5cbd5a54e9cfefaa1e8da92d0979d3d87c968dfacca3b0469bf69

      SHA512

      9ffc83d0a921da472508115e8591f08468084d49b202e4961b742d1c0cf18562d7f3b259038e55d372628f06d87a0a0576c998772e1e0070252e4c11838ce854

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e588797f45bcca39e4539050b1dfd0bb

      SHA1

      9aaf9cc4dc986f8b07aa3231aea42ecd1e52b3c5

      SHA256

      9f59ec80cc4fb9bb327b53d6146e3780a02506371cba4042196d9ae4cc1a04ca

      SHA512

      7e63d049fc6c886d1df6bbc582be6dd66bdc2f078fa3fba406db77e8341d1649d12bb3a69de5fc5ee0f1955836e50dcd0abc4c103a9f8b93938e7cf631fdc906

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      abfe919d1d2c7c2cb1fdc933e8db9814

      SHA1

      5a30bae21d1327e8274b06007afd03ea224cfd0b

      SHA256

      79c509e991c70bc3ebe92bef15231cbdd8b68c3d96839dade987e495f629a9a4

      SHA512

      020bceead9bfb5913e1dab70e33c1a0e34eb50c9f3b4825c50c94168b7e51e4291fedeb5610b1d7168a06980d0c1b5a25ef4df8597f34df4db55e1a13778e1f1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      da64b778616bfd1c3e3582b0d74507de

      SHA1

      6a1449650daaa9cbe5c24409f3db19967ef70a86

      SHA256

      ffadb391b22323ce83c249e6697d8c28d63f8a920126bdec54b0e8c3eb30a986

      SHA512

      2286243680aef2cc2c75e1c8d36321efbf660b606ceb39da1e7cb41d10be669339b813f3248b0e89d8f62f233595845a6fad610021060c224c4fff82838b8c2b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a6c6dcb46d107a18092f13573cf00e8

      SHA1

      da982fdf8a4f65794b988453f05c07cebf83902d

      SHA256

      f743eca7920e826a143d3a26114ba1aae89fd6e3b1b6f80beafa2cf8cbf7412a

      SHA512

      87151404f2a2810db5e2573da5155be6a22f1ebb7e892d9026a32d8db3ca022e1a71e856e8aa4066b8ca5a21cecf789c4a46feebfda3c4d049bf7dbabdeec99a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      595d42576d723a4653707349b4d7eadd

      SHA1

      5f4c973c74a4358a1869e8f2652c10db1e56993a

      SHA256

      3c119067c2c59b74c6caa2502b98001c84bd6c1d00b1a86a8e2a4f1d999cfa83

      SHA512

      e35155b9dc28eae5f4bb17c2683f8b3ed3f4734e51c732f70df4af08968f786c0db304eb623ed565a1efa5ff6270341361472f5cbb9dcd99ca8cba711f05bcc3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      037dbf374eba2b72a11b643e25be9152

      SHA1

      4e3b5d3a4c0ddc91ff3b9d43c118296f2f6d8955

      SHA256

      5759701e7e500077fd493ef086a83daae26115877e0a551713fb32f6a66c21c1

      SHA512

      e4ff55acee1a71e3df7f183f25ccc174acd9f03d1437c9eeae30f04fcea3cb298647956a3e7a0792d4725038e5229a927fa6703398772248bc33dd1fb0e0077b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab284B.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar296B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2868-13-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2868-2-0x000000000058F000-0x0000000000594000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2868-4-0x00000000003A0000-0x00000000003BB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2868-3-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2868-1-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2868-0-0x0000000000400000-0x00000000005E8000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/2868-8-0x00000000003C0000-0x00000000003C2000-memory.dmp
      Filesize

      8KB

      Download