General

  • Target

    9d6dc9c936594390a965943da28e5bf4_JaffaCakes118

  • Size

    239KB

  • Sample

    240611-jbr16ayfnd

  • MD5

    9d6dc9c936594390a965943da28e5bf4

  • SHA1

    d6cdaa9b652de90f353ab63bb39de74024007e63

  • SHA256

    10bb327826096da6dc25892df7158eaa359ca40fecc45eb147524b87ad506a11

  • SHA512

    0ea6eacd5358b4fcb78d391b23ca0f5f16123c63b68011287ba09e2721a83d5670570b6a05f10bc44bddf9c5791d5ad8869a213d3eb03a4f0935f073aee30868

  • SSDEEP

    6144:nCm2RYdkZFx0pOF4/1nT5tvjjnFJuFUnnjiGfu6m:CwdktQ/B/3koGGBm

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3474

C2

google.com

gmail.com

q982yeq23.xyz

t7763jykqeiy.com

hjruu.com

Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      9d6dc9c936594390a965943da28e5bf4_JaffaCakes118

    • Size

      239KB

    • MD5

      9d6dc9c936594390a965943da28e5bf4

    • SHA1

      d6cdaa9b652de90f353ab63bb39de74024007e63

    • SHA256

      10bb327826096da6dc25892df7158eaa359ca40fecc45eb147524b87ad506a11

    • SHA512

      0ea6eacd5358b4fcb78d391b23ca0f5f16123c63b68011287ba09e2721a83d5670570b6a05f10bc44bddf9c5791d5ad8869a213d3eb03a4f0935f073aee30868

    • SSDEEP

      6144:nCm2RYdkZFx0pOF4/1nT5tvjjnFJuFUnnjiGfu6m:CwdktQ/B/3koGGBm

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks