Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-06-2024 12:55

General

  • Target: ae85fac18acdbf94378104a0983da205_JaffaCakes118.exe
  • Size: 215KB
  • MD5: ae85fac18acdbf94378104a0983da205
  • SHA1: 0290e95ac272d4e9227f47b89b702c3444071818
  • SHA256: dcbaa83e32d8997fe9d14d0a76a7b618b465c8e48a2fb818dba846b118b18ce1
  • SHA512: 646136bd501a3226e6269f65bd49ce4848231e36cc33798f672b87ca39918a4c32710b1fc12f7cb1b252b610b17ed1e36c8bcb92555c5db3d6894d470fbe6de9
  • SSDEEP: 3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0M2L6BWnqR+yV:BHXDy1qVvZnOe/HEyo7WGd

Malware Config

Extracted

  • Family: gozi
  • Attributes
    • build: 215165

Extracted

  • Family: gozi
  • Botnet: 3153
  • C2
    • biesbetiop.com
    • kircherche.com
    • toforemedi.com
  • Attributes
    • build: 215165
    • dga_base_url: constitution.org/usdeclar.txt
    • dga_crc: 0x4eb7d2ca
    • dga_season: 10
    • dga_tlds: com, ru, org
    • exe_type: loader
    • server_id: 12
    • rsa_pubkey.plain
    • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings (1 TTP, 35 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae85fac18acdbf94378104a0983da205_JaffaCakes118.exe (PID 1740)
    Command line: "C:\Users\Admin\AppData\Local\Temp\ae85fac18acdbf94378104a0983da205_JaffaCakes118.exe"
    • C:\Program Files\Internet Explorer\iexplore.exe (PID 2616)
      Command line: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2516)
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
        Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 54638eedd7db611fc84b89deec6ed32e
    SHA1: 3d60e18196c9d9a6bb0502566c5d113f366d78f8
    SHA256: 87e27301ca62b572a2198ec258b4b357293e78e5230ad7d1e2949bcb50e507f5
    SHA512: aa88ef1f789db5c873e8bb7d28b3bd51a3120f0b924bd616a0ac6bbf130b18d797dbe19e2f5d1ce9eff0fd31084ea24ba28be077b3d3315955d111049b262080

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: fcf2b3ddf6e290e8e608194d3ccb671d
    SHA1: 555f7bb2eaf0e7bfcfd292d391946cec987bd6ca
    SHA256: 836dc43f312fe8a00360cee3a4f3bb1fb2c0f9c042bb90207c5af3b8044aa425
    SHA512: 096962abc56d4ff64c9181df3192ed8e0c49c4ce982866ebdb526b4a0f16d3f96830fc92f67ff16c6367e871e05ab401084822ea9344a8552d505eabf4131e10

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: d595ce8a6042b13020ec591bfe30463a
    SHA1: 9a286209ee58d725866dae5c4d7af3e15957be47
    SHA256: d490fa90efc5032b1bc1493d7847f0bbd815079a80855fed9c952d214a6301cf
    SHA512: b5e2b25e2fce1d0400fc65520d68b4a60e16dd931ea16810ef12923ee1159b607e0ec37d014fded9b7c3cfd820f16176896b8985a22c600cac2b2e56a3e3ad66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 242acf51ae4652255709c3c7aeb6c19a
    SHA1: 8744fc6d63b8deed86d28733e337844adcd0b6d2
    SHA256: 683997669f2af26d157d55bfd2cbf400f341f2b4030904befd5707d3fbb88ef1
    SHA512: 4ff38bff484f2067850f926d21c9ab6d52505e3af963b9673dfe94eef805ecb55820f63f8aeced78905d045d784817e17cecef4da3d92564b4bd5998c72d1f9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: cc251fc36b246393f19c5776e368cc42
    SHA1: 6e5f9f30458ee4176c5d247cdc1dcc874e477a53
    SHA256: fc44c4929fd5068d5664255bad1d419f85335e11f27612c632ec66a216b4145c
    SHA512: 3ea38b5cbc207259cf27a96f7876e86fdf4fdbcc3bcc7d88d41b09a93bb0172f7f01480575ccb909726ac110a3833d21cb9d0d0e8cdbe23021c263318817bda7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 875f42c6e42470a596ee31b5d5b3be3f
    SHA1: b80e1fb3887c64e2746d4b387cd569a0fb42a0a9
    SHA256: c55758e19fa2f432fde3a5890ec44d1cfd78e2d919ca2a94529bb7f505cd8334
    SHA512: ac5cd8ccd1d7dd9eb716b9ca8f7a44df9d66e498b34e1a74e2bdbe12820b4e850f90416c2a246ecc809ebb6f56144a092c79ede1f744abec7040a16697d142b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: bb07209d73449c3ef4412c8047f82f01
    SHA1: 33022a47e1c258197e28c1fbba3d261daaa2be2b
    SHA256: 22e9922d9412962d28a77b9ef6f778fdb0fc78aaa10d918b137533ab3f2b0d2a
    SHA512: 62b46814969ed68925966d026b279a0e32a82f1067ff57b4cf06b207cd0184f2dcdbfb3f25f6c960e29a0013491e1e68bf2fa52cded15087eb0f3239a412a9f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3bd39ad018522403b84260e838c642dc
    SHA1: 3dd900c387ba94401297b47386b6a7c6065a9804
    SHA256: d545ebd906c0008938af2276a78c479efb7b3edbd822de6912efa2193723a72a
    SHA512: 269abc21d671182b2a7d3a408d946719e4f28ab55317914b9831669500a04eed9a9d12cdaf2fe968648c4961e7810ec091fb888020f86d7e04ea9d79801a8419

  • C:\Users\Admin\AppData\Local\Temp\Cab9C13.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar9D05.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1740-0-0x0000000000400000-0x0000000000441000-memory.dmp
    Filesize: 260KB

  • memory/1740-6-0x0000000000480000-0x0000000000482000-memory.dmp
    Filesize: 8KB

  • memory/1740-2-0x0000000000450000-0x000000000046B000-memory.dmp
    Filesize: 108KB

  • memory/1740-1-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB