Analysis

  • max time kernel
    157s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-06-2024 01:50

General

  • Target

    ac7bc5c4953f3cdf488f98d2bdfe0bf9_JaffaCakes118.exe

  • Size

    268KB

  • MD5

    ac7bc5c4953f3cdf488f98d2bdfe0bf9

  • SHA1

    8dcc3ffa6aed4b42990d63248db3621e2165d9ac

  • SHA256

    9ee54571151efbd253a30211dbe7beaf57aca1b1ed8aae48de72f83d43897c3d

  • SHA512

    2a25edece0a2ebb8cf8cae2cad742968b09160eaa7a6cbafb3d83a6f62b642efed041f3d9aacf26135125db491032e2385a1139d6c976e362cae3a4fd78c6117

  • SSDEEP

    6144:bjGlumlDoFoiADf3N5uYU6REjMmgJpUgiT:bjG8mOF9C/N5uYUdjMmaziT

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214082

Extracted

Family

gozi

Botnet

6000

C2

http://velooiisd.club

Attributes
  • build

    214082

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac7bc5c4953f3cdf488f98d2bdfe0bf9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac7bc5c4953f3cdf488f98d2bdfe0bf9_JaffaCakes118.exe"
    1⤵
      PID:4656
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4352 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3264
      • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
        "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
        1⤵
          PID:2724
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3828
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3828 CREDAT:17410 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2160

        Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          3d82010fe5c2559538cb93fffa3297a8

          SHA1

          b02cd4e4929db411ecae28de691ec73a84863d4c

          SHA256

          6cc835432fca96a9eaccc9c5f6e0d5e0d705c35a57eba81f4d966386c3638055

          SHA512

          8fac3f8d7b17d8bcb1d8cc725fce6fd150428956883f216ea39b813ee054c6e45ec292053a4569bb5286094ef0a154a20e6463a277c6d03284f0390f35f5d1ff

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          7d0195c98a10310a312adaab237fe96d

          SHA1

          f865f64c944c432c80c252b6243ce53854468df7

          SHA256

          ead95e8ec35e09e5df8391cc47232f0e4b7b3c54b89b411763d662abce2e54f6

          SHA512

          4ea179a79f0da6052f5ec0271d8bfcc6fee89573cbdf42ef9d72588dfe64a2f6ccc7bc00f09d3b0a54bda113ff607aab580cacab4b8f76bfdfa8271ad2283930

        • memory/4656-2-0x0000000005540000-0x0000000005640000-memory.dmp
          Filesize

          1024KB

        • memory/4656-1-0x0000000000400000-0x00000000052A3000-memory.dmp
          Filesize

          78.6MB

        • memory/4656-3-0x0000000000400000-0x000000000040E000-memory.dmp
          Filesize

          56KB

        • memory/4656-4-0x0000000005750000-0x000000000575F000-memory.dmp
          Filesize

          60KB

        • memory/4656-12-0x0000000005540000-0x0000000005640000-memory.dmp
          Filesize

          1024KB

        • memory/4656-13-0x0000000000400000-0x000000000040E000-memory.dmp
          Filesize

          56KB