Overview

overview

10

Static

static

3

aa6bc2ed4a...18.exe

windows7-x64

10

aa6bc2ed4a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa6bc2ed4a2cf15ef664949b94d76b3a_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    aa6bc2ed4a2cf15ef664949b94d76b3a

  • SHA1

    807924c89ba3dd885b17747a6f4fc76c79ac0aa8

  • SHA256

    fd9c3c638e0aaab54047e3ad273959598c9cab462e3b38f8d5987f44c10102a4

  • SHA512

    867edf212afca8600808d6e72f844b6a9861a30e579331ef3cb42737d2f75bb1225c90ca6b75a9ef193b271807213cd3a75d391d31c71e5d3104c602822c006d

  • SSDEEP

    6144:RVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:RVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa6bc2ed4a2cf15ef664949b94d76b3a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\aa6bc2ed4a2cf15ef664949b94d76b3a_JaffaCakes118.exe"
    1⤵
      PID:1908
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2444

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      cda0b42741b8e56aea1242c329a6aa63

      SHA1

      a5efbae743758e750f32a92d12fa7fb70e03916d

      SHA256

      ad52c937a4c18384a1305d5d4b84543c0439f055937a51dc37aa06c2251f327f

      SHA512

      85ccaa47b6f9ec23d1d6a57db1ce6041ac40ce9b0e55c1182e6b3256124e7adc7355d93ee9cd9cd33267a41d5500e41fe20bec5604c90479a47ade04e81983da

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      65198564973db70ba0f69a817777dcd4

      SHA1

      094e1acbcabc773f1bc9ee11e93c52c205a8c533

      SHA256

      8145130bc68652fb7473ebcea89369d44c9673d7672ae70a432ad9f44547506d

      SHA512

      fbdd4c8e732e8a3e1a66a2e9a12e97624d79434aff8f9c2673bfe369ce264f11e1b2365b58bc0d3a0adb8ccff7af00fdb5c0020777e39775ade59ec141bcc117

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0d988b7622ffca3b6386f1a712105aab

      SHA1

      9f4b1647d81d80e4126bda86b0a94887c4f64544

      SHA256

      3c14cf3f8b8c6e984ac20a27e02c527de9684aa9df9bed1626f4006d438cdec6

      SHA512

      a3c66e40c9d4ba399144a663f4dbbf5ba737adedf87e7b2bf692c965844852c2d64663891acc540625b98f56627670ee1693868380911e730dc8d05e225712ab

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      91bb851342f8a580e87308fdbb53b37a

      SHA1

      3be6f94c13b472e8060450ba13af783fd33e0122

      SHA256

      330502b2891572150b6b36132c090bfbb9abf5894f54d72ea4be8dafd5c64101

      SHA512

      c60378268c7a46083bd847497ab1375ef10ffb2beb8a416868e9fea22ee43ed2ecb4e45a86bcb6ab54ea4fb1bc3e847805f8a70e7682672a97b2c33e90bbad47

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      805eb7509d46b8609afab96d6a8cc57a

      SHA1

      28f323c60f1dc3ba2bd0b876847075ceddf73b5f

      SHA256

      48fafe91a123b15fd55e812e1381a11492bd7e2ee5e248d29b77e6bc82e8ed98

      SHA512

      9dff32abfd422cdc4eaaebea00f89e3a3d7d4e04e358a4a1afb0be09baa7180e8a851f5fe1a6eaf3bf103d05125a61129fd004d8eb080ad5038640713ecb6ebe

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d8caa5e27a4ead5a827dd50cff95b495

      SHA1

      a8a11289cda40df4d5e04a991438d6473b038661

      SHA256

      915e7b99844bf9d4a5d5c537d62741718475ada487ee82fa0a73bfb4c8c33c21

      SHA512

      aca749cca668ff54f7d55cbf27bd0d738fc6dca1cef6611280cd8e052d3676304b36b5fb99a7e6f42ee4700a52609d26338fc982f3cc9bbb435feec0a95c7d1b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4a8e4051c1fa635484aab13ccc043927

      SHA1

      42c027549c857fde39199b8216f7b9c2bf675a32

      SHA256

      4a56bab3fe58bb365dbf781ddd4f2cab87ae1312aae293bf71c13570517d60a3

      SHA512

      56d575cdef2743adf6b6db367cf17c58e017ca055d8adf45e19c4e256a014c0fb103ac7b84fdb14c99c4583baa8e2ceda0d92950d36582d751dd94fac0854a86

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f13c215e864dc0e7a501be834307bbaa

      SHA1

      03b24b91f6f1bebfa428fca40e9d3c106bc26757

      SHA256

      4d10cd67951c7203dd3ed91be3bec18873148c6a8bd265aeb233aeab19b10eb2

      SHA512

      c1dde86ca3ac7468a43f651f0f91f50c07256aa204d4ffd3de87408cf9fd14a462d41f6920f2a9f99ccac2359e6ea05be173a03dd8b7a9bfd27d9571eb722539

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      98084309e6e924846f310809fa603de5

      SHA1

      bbc5456178bdbc56d999be8c4b7f4a88dd8ea59d

      SHA256

      ee3c56f80325b13b8a8c5503fbe1f6fe604fe2f5f1e768552afe335f40ee9a36

      SHA512

      b3da9a033b519f8156755c33bcd6d44a64a45f6f15a6ff89180c4d5fdcaf596e279d8384fd305650a54e9fb78e2e89be5f6e5362aabb02a6e62ace1489a82570

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1aa7d8f375abc6f631cca56b9fb8e35e

      SHA1

      78a1e95eaebf166806ebc06c80d362f5835bbedf

      SHA256

      a42aa68a720e47e687e92c1f5cf452530dbb4a14ed2be82a80301678e0e45c13

      SHA512

      7974194ef7aa29cb2e6b0d673f7f7b9fe8b0c72e51af8f511c317017f999abbf97c7f76f32f8e55772c1e4a4f736d7f1c34bf8c4bbd7acc13f5468bfb77fbe25

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      2b341513ebc6162d2ac27b4ee0da40ce

      SHA1

      68fc7c0d6557d65e096bd1e45ec1e923f9f320b7

      SHA256

      268449252f5b8f173d2ba35a47737454fb7fb3aa5a298638cc3a85b00c8ee67d

      SHA512

      00207b66aa993afd467569aaf183b8e04791ec0b41092c96c3832d78d8747c50b35ed85a31112a5ccd1cda88531169fd85f2bd190d30105c976e88c468f62a22

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar859A.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1908-6-0x00000000005B0000-0x00000000005B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1908-1-0x0000000000180000-0x0000000000181000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1908-2-0x0000000000590000-0x00000000005AB000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1908-0-0x00000000010B0000-0x0000000001103000-memory.dmp
      Filesize

      332KB

      Download