General

  • Target

    af05476a571604e6581670e02909e810_JaffaCakes118

  • Size

    186KB

  • Sample

    240615-sjdceavdnb

  • MD5

    af05476a571604e6581670e02909e810

  • SHA1

    2a23b8f6d17a23baf645bbe6d8e4453a34938354

  • SHA256

    f25b9cbd632e743a71988d08e68e6a177318dcc1b9b93402a45f1cd71a93ae3d

  • SHA512

    dcd74036221ad16e74604e143999d0bdebf41498b90553e5327feb0e19b0df735855f81fce4a341ff4d0ba8737cb82dde0698f4aab175e2abe62fa75366fdfd6

  • SSDEEP

    3072:9iPLp6Zp6+dkYNnSd3p9i5BKX5smv9q1L8wXOLcKQEqxJ6+lp:8Lp6Zp9d/NyvRv9Snu9up

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214085

Extracted

Family

gozi

Botnet

3438

C2

google.com

gmail.com

ty29lt.com

b81bgabrielle.xyz

s66pzpiperaamaya.club

Attributes
  • build

    214085

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks