Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 12:49

General

  • Target

    a9c2a7f7f9e0ae6fc335924086b727b5_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    a9c2a7f7f9e0ae6fc335924086b727b5

  • SHA1

    8ca1f2724e54f2b7c60a9b3c300707ae2622fcf0

  • SHA256

    9c4d108eedd776d5e2fe16414a034569af235ab32b575c5786391d13deb901d3

  • SHA512

    158dfabfd0a188f16687834477d6e28e21298cb82f9cd3a899fc57e31d6b4c7e3d49ceb6ffc8560f84edba2991ed9f536a1ec420de3489e4d45dd34867d95007

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0x2L6BWnqR+yV:BHXDy1qVvZnOe/HEyogWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
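The extracted config above is directly usable for detection: the three C2 hostnames are exact-match indicators, and the DGA fields describe how the loader will build fallback domains (Gozi/ISFB fetches the text at dga_base_url, concatenates words taken from it and appends one of dga_tlds; dga_crc and dga_season feed the generator's seed and time period). The script below is an added example written for this page, not code from the report or from the malware. It does not reimplement the real generator; it checks constructed DNS log lines against the hardcoded C2s and applies a dictionary-segmentation heuristic built from a constructed excerpt of the base text. The log line format, the text excerpt and the thresholds (at least two words, label length at least 12) are assumptions.

```python
"""
Added example (not part of the sandbox report and not Gozi/ISFB's own code):
turn the extracted config into two detections over DNS query logs.

Assumptions (not from the report): the log line format, the excerpt of the
base text, and the thresholds used by the dictionary heuristic.
"""
import re
from functools import lru_cache

# Values copied from the extracted config on this page.
GOZI_CONFIG = {
    "botnet": 3153,
    "build": 215165,
    "c2": {"biesbetiop.com", "kircherche.com", "toforemedi.com"},
    "dga_base_url": "constitution.org/usdeclar.txt",
    "dga_crc": 0x4EB7D2CA,      # generator seed; unused here (no generator)
    "dga_season": 10,           # generator time period; unused here
    "dga_tlds": {"com", "ru", "org"},
}

# Constructed stand-in for the text the loader fetches from dga_base_url
# (opening of the US Declaration of Independence, public domain). A real
# deployment would load the full file the config points at.
BASE_TEXT = """When in the Course of human events, it becomes necessary for one
people to dissolve the political bands which have connected them with another,
and to assume among the powers of the earth, the separate and equal station to
which the Laws of Nature and of Nature's God entitle them, a decent respect to
the opinions of mankind requires that they should declare the causes which impel
them to the separation."""


def build_wordlist(text, min_len=3):
    """Lowercase alphabetic words of at least min_len characters (assumed cutoff)."""
    return {w for w in re.findall(r"[a-z]+", text.lower()) if len(w) >= min_len}


WORDS = build_wordlist(BASE_TEXT)


def segment(label, words):
    """Split label into dictionary words (longest piece first, with backtracking).
    Returns a tuple of words, or None if no full segmentation exists."""
    @lru_cache(maxsize=None)
    def rec(i):
        if i == len(label):
            return ()
        for j in range(len(label), i, -1):
            piece = label[i:j]
            if piece in words:
                rest = rec(j)
                if rest is not None:
                    return (piece,) + rest
        return None
    return rec(0)


def classify(qname, cfg=GOZI_CONFIG, words=WORDS, min_words=2, min_label_len=12):
    """'c2' for a hardcoded C2, 'dga-candidate' for a word-built label under a
    configured TLD, else 'benign'. min_words/min_label_len are assumed thresholds
    to keep ordinary dictionary-word domains from matching."""
    qname = qname.lower().rstrip(".")
    if qname in cfg["c2"]:
        return "c2"
    if "." not in qname:
        return "benign"
    label, tld = qname.rsplit(".", 1)
    # Only single-label names under a configured TLD are DGA candidates.
    if tld not in cfg["dga_tlds"] or "." in label or len(label) < min_label_len:
        return "benign"
    parts = segment(label, words)
    if parts and len(parts) >= min_words:
        return "dga-candidate"
    return "benign"


# Constructed sample log: "<timestamp> <client> query <type> <qname>".
DNS_LOG = """\
2024-06-14T12:50:01Z 10.0.0.5 query A biesbetiop.com
2024-06-14T12:50:02Z 10.0.0.5 query A humaneventsbecomes.ru
2024-06-14T12:50:03Z 10.0.0.5 query A windowsupdate.microsoft.com
2024-06-14T12:50:04Z 10.0.0.5 query A politicalbands.org
2024-06-14T12:50:05Z 10.0.0.5 query A people.com
2024-06-14T12:50:06Z 10.0.0.5 query A TOFOREMEDI.COM.
"""

LOG_RE = re.compile(r"^\S+ \S+ query \S+ (\S+)$")


def scan(log_text):
    """Return (qname, verdict) for every non-benign query in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        qname = m.group(1).lower().rstrip(".")
        verdict = classify(qname)
        if verdict != "benign":
            hits.append((qname, verdict))
    return hits


if __name__ == "__main__":
    for qname, verdict in scan(DNS_LOG):
        print(f"{verdict:14s} {qname}")
```

The exact-match list is the high-confidence signal; the segmentation heuristic is a triage aid that will also fire on legitimate word-built domains, so it belongs in a hunting query rather than a blocking rule, and the wordlist should come from the same URL the config names so the vocabulary matches what the loader would use.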

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9c2a7f7f9e0ae6fc335924086b727b5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a9c2a7f7f9e0ae6fc335924086b727b5_JaffaCakes118.exe"
    1⤵
      PID:2232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2616

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e326f2e8aef2cfafea37acb04940f227

      SHA1

      35a8d7ee2143c881a72b550f9c470ab42a7a2143

      SHA256

      73adbdf0f0fe8d138a8d0a74ebe9ab072271e9c29e0a0fd90c089fbadd16ca42

      SHA512

      347a250ae838ea8348e2bd61ec2d412cb176bcaa78d3fafaa4b5f501d36d901549dc613d17753e1db68f50ddedb34155664f7c3f23cdd83bd8967c775686a7a3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dcd51c292a33fff3079736587523ea46

      SHA1

      c9c4d241f50fd120bf776b07e189fd6b27b1c6cb

      SHA256

      a58a388d7fb056f66434c40f48a51e555d6febc3e5c6f5f48f46e63adca2600e

      SHA512

      781eb307c03e23b4b548b52610045565829dcd1bc066760f8bb76388d71bf1fd9187e8bebf7327037964d77bd776b1c1034619ba7ddfb3350c90598cc569a1f7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6b6a07005e39838916236628fe424f2a

      SHA1

      feaa31a88a8f0895aa14d8cf12a852ca09c82161

      SHA256

      e725420a2f395bc84a633b90c5b68df62dab4848549ac0a18932662bb51d3a0d

      SHA512

      71e7cc90abbdc98ee3c23f694da94b8bcaf1dcc40cf6e97bc19081523e088597872448d68b580c53b5033e07905707af5b086fad77029fb9a184332586f968da

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a9c9e5893a2e0f080d14f8443ee12765

      SHA1

      0e8a43e5c3217c4a59ff7aa74c7bdb620fa1269d

      SHA256

      1b64c6119cbb4cf25e8d49afe67b863553f65f0e969c81f1d7f0d0644c2d4c88

      SHA512

      ce64bb7c8e2d228ae11feadeccb12d5a50875c3a72f61a08646258a4f6086048944e638b9c2b551a64a1514f9c067353ebee7c5adf4cf7f4c20c6a3e6b5fff1e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      871d05802d2d6b519f866f9048c8a033

      SHA1

      70a480e5642c4bd9c88599d83e11071afb6956d4

      SHA256

      ddbde141ba75bd2548c294eccf32c3edf2902b11f50310cf151c9479e75ca524

      SHA512

      ac684352076c53c1366d39720ef6d0b592cb2a2224b88da70418fd6471ffa6e6721748c35db53ed203e4a2f30c2d1e0255b00b62d0ce7f4f67447f7bdb07e841

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2ba43898a2fe7da650ddbb54a10c115e

      SHA1

      fa6a339afd9aa1dfc5c0c24a3412b91fa78b4551

      SHA256

      48d295d392ecddffe544783d6d056a4f91ebf698148e9ca4ad58a7989e0df186

      SHA512

      3e252fd55d66929addc42850a66fec0e7d3d341245f0435db7dd66fe6416286bdd0c5d0e9b53c10c409f05f8aaa895151f8c84c72547d9812534277ded888a5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      64b1b856cf96145198b866b7fd24db27

      SHA1

      100c94f04b82f1303a46014a1d2c62dbb59edbd6

      SHA256

      253789f4f681af9866a404d6ea6a460e94c5c0cb339f709a19ec5dcc6d45d0b3

      SHA512

      20b48d2d54861da986697d40754bd8012efbb048306118d9b28095c535a662bf2d3c73a1697c0ff58b17578f375e40964fcd9e3cc720ef2622a937ba83c50c69

    • C:\Users\Admin\AppData\Local\Temp\Cab284B.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar290A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • memory/2232-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/2232-6-0x0000000000370000-0x0000000000372000-memory.dmp
      Filesize

      8KB

    • memory/2232-3-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

    • memory/2232-2-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB
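The memory dump names above encode the process ID, a dump index and the virtual address range of each region, and the listed sizes follow from the range. The parser below is an added example for this page, not sandbox code; it recovers those fields, checks page alignment, and marks the region at the conventional 32-bit image base (0x400000, an assumption about which region holds the main module) so an analyst knows which dump to feed to a PE unpacker.

```python
"""
Added example (not code from the sandbox): parse the memory-dump file names
listed in the report into structured regions.

Assumption: the region starting at 0x400000 is the main executable image
(the default 32-bit link base); the report itself does not say so.
"""
import re
from typing import NamedTuple, List, Dict

PAGE = 0x1000
DEFAULT_IMAGE_BASE = 0x400000   # assumption, see module docstring

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


class MemRegion(NamedTuple):
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_kb(self) -> int:
        return self.size // 1024

    @property
    def page_aligned(self) -> bool:
        return self.start % PAGE == 0 and self.end % PAGE == 0


def parse_dump_name(name: str) -> MemRegion:
    """Turn 'memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp' into a MemRegion."""
    m = DUMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return MemRegion(int(m["pid"]), int(m["idx"]), start, end)


def summarize(names: List[str], image_base: int = DEFAULT_IMAGE_BASE) -> List[Dict]:
    """Regions sorted by dump index, each tagged with size and whether it sits at
    the assumed image base."""
    regions = sorted((parse_dump_name(n) for n in names), key=lambda r: r.index)
    return [
        {
            "pid": r.pid,
            "index": r.index,
            "range": f"0x{r.start:08X}-0x{r.end:08X}",
            "size_kb": r.size_kb,
            "page_aligned": r.page_aligned,
            "likely_image": r.start == image_base,
        }
        for r in regions
    ]


# Dump names exactly as they appear in this report.
DUMP_NAMES = [
    "memory/2232-0-0x0000000000400000-0x0000000000441000-memory.dmp",
    "memory/2232-6-0x0000000000370000-0x0000000000372000-memory.dmp",
    "memory/2232-3-0x0000000000270000-0x000000000028B000-memory.dmp",
    "memory/2232-2-0x0000000000230000-0x0000000000231000-memory.dmp",
]

if __name__ == "__main__":
    for row in summarize(DUMP_NAMES):
        print(row)
```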