Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 22:00

General

  • Target

    b5654ee2da2bc6d3d8b19c47028911a7_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    b5654ee2da2bc6d3d8b19c47028911a7

  • SHA1

    bc6b29c0145912d36068e6af1b10b391d5d12c92

  • SHA256

    a9df84a82999bef0329cfc6a2ffdbf9ad037a236b25562f55075f52c2f95484a

  • SHA512

    315a3d6ac566939e32311527c6667b80103c843a02b0b6af9731ac2841965a60b54b979d623654d19ce3b760070a5f01f2cc56fab61304c88e3fbf6fae0065f6

  • SSDEEP

    6144:UVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:UVfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain
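The configuration above gives a SOC everything it needs for a first sweep: three C2 domains, the host the loader fetches its DGA seed text from, and the file hashes. The script below is an added example (not part of the sandbox report and not Gozi's own code) that embeds those indicators and runs them over DNS query logs and file contents. The log line format, the client IPs and every hostname not listed in the report are constructed for illustration; real DNS logs will need their own regex. Note that constitution.org is a legitimate site, so a lookup of it is only a weak signal and is reported separately from the C2 hits.

```python
"""IOC sweep built from the Gozi report above.

Added example: this is not part of the sandbox report and not Gozi's own code.
It embeds the C2 domains, the DGA seed host and the sample hashes from the
report, then checks constructed DNS log lines and file contents against them.
"""
import hashlib
import re
from typing import Optional

# --- Indicators copied from the report --------------------------------------
C2_DOMAINS = {"zardinglog.com", "sycingshbo.com", "imminesenc.com"}
# Host of dga_base_url. It is a legitimate site the bot fetches to seed its
# wordlist DGA, so a lookup is only a weak signal on its own.
DGA_SEED_HOST = "constitution.org"
SAMPLE_HASHES = {
    "md5": "b5654ee2da2bc6d3d8b19c47028911a7",
    "sha1": "bc6b29c0145912d36068e6af1b10b391d5d12c92",
    "sha256": "a9df84a82999bef0329cfc6a2ffdbf9ad037a236b25562f55075f52c2f95484a",
    "sha512": "315a3d6ac566939e32311527c6667b80103c843a02b0b6af9731ac2841965a60"
              "b54b979d623654d19ce3b760070a5f01f2cc56fab61304c88e3fbf6fae0065f6",
}

# Constructed log format (assumption): "<ts> src=<ip> qname=<name> qtype=<type>"
_DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+qname=(?P<qname>\S+)\s+qtype=(?P<qtype>\S+)$"
)


def normalize_qname(qname: str) -> str:
    """Lower-case and drop the trailing dot many resolvers log."""
    return qname.rstrip(".").lower()


def _under(qname: str, domain: str) -> bool:
    """True if qname equals domain or is a subdomain of it (label boundary respected)."""
    return qname == domain or qname.endswith("." + domain)


def classify(qname: str) -> Optional[str]:
    """Return 'c2' for a C2 domain or subdomain, 'dga_seed' for the seed host, else None.

    Checking on label boundaries keeps 'notzardinglog.com' from matching while
    'cdn.zardinglog.com' still does.
    """
    q = normalize_qname(qname)
    if any(_under(q, c2) for c2 in C2_DOMAINS):
        return "c2"
    if _under(q, DGA_SEED_HOST):
        return "dga_seed"
    return None


def sweep_dns(lines):
    """Parse log lines; return (ts, src, qname, kind) for every indicator hit."""
    hits = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if not m:
            continue  # unparsable line; count these in a real sweep rather than drop silently
        kind = classify(m["qname"])
        if kind:
            hits.append((m["ts"], m["src"], normalize_qname(m["qname"]), kind))
    return hits


def hashes_of(data: bytes) -> dict:
    """The four digests the report lists, so a file on disk can be tied to it."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees; one mismatch means a different file."""
    return hashes_of(data) == SAMPLE_HASHES


# Constructed sample log, not taken from the report.
SAMPLE_DNS_LOG = [
    "2024-06-16T22:01:03Z src=10.1.2.3 qname=cdn.zardinglog.com. qtype=A",
    "2024-06-16T22:01:04Z src=10.1.2.3 qname=notzardinglog.com qtype=A",
    "2024-06-16T22:01:05Z src=10.1.2.3 qname=www.constitution.org qtype=A",
    "2024-06-16T22:01:06Z src=10.1.2.7 qname=IMMINESENC.COM qtype=A",
    "this line is not a DNS record",
]

if __name__ == "__main__":
    for hit in sweep_dns(SAMPLE_DNS_LOG):
        print("indicator hit:", hit)
    print("empty file matches report:", matches_report(b""))
```

Before acting on any hit, confirm the file you hold is the one analysed here by running `matches_report()` over its bytes; a single differing digest means a different build, and the C2 list for another build may differ. The hard-coded C2 domains are the static part of the config only: once the loader has fetched the seed text it will also query generated .com/.ru/.org names, so treat a client that resolves constitution.org and then a burst of unfamiliar domains in those TLDs as worth a closer look even when none of the three listed domains appears.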

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5654ee2da2bc6d3d8b19c47028911a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b5654ee2da2bc6d3d8b19c47028911a7_JaffaCakes118.exe"
    1⤵
      PID:2764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2540

    Network

    MITRE ATT&CK Matrix ATT&CK v13


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      30e4bc3ca6202bdead54b2b09a76bd8c

      SHA1

      80eef946af9f3f67f806b6c7b20652ba1db3b873

      SHA256

      1e1ca2355d53700c81c94a1478b17cf9987a060a730f96ee3fae819f0efb1283

      SHA512

      98d09795ddf8f4b95dec5b6169f8f970c1cce3aab14831573455be3eb2ffa27cb9bcf7fae00db87222b2c98219b237dedcdb44c736a216b1516be4a1e1177e12

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d093034636ec7198a6b4cec7afe10bb7

      SHA1

      5cccb7358a2038e34a4bd717948f24921ff8ca21

      SHA256

      28f280e96a832f45171c281f1ceb1ccb4b23bbe4f35c8dab67bb75be375190cf

      SHA512

      e0d106b0b477495f469ec29af6f0d89c72bf98ec80f8148ce262b01ad9122ac3112301c828ac281a6fd01500a1b71c4c3c9b150f1dbf72b532764c36c4195ad7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      36b12296d775495e87af34fa8880f4db

      SHA1

      5f717deaedbad20f8c0afe77bde8cc0ae27e11b4

      SHA256

      ce40f32408d9028cdc68f37d4a1fd94070fbcecb180c41dba4ec5d28d16d7a2e

      SHA512

      b9e8566f0580a5ccc47436a76a410b9e0712bf6f930c3e410739cc58106abf56b4d9859fe62e2871be04cdf47b85f56a852d54ad9aef231fb1c5e145870cbedf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      def312ad8336151d6ab27c4bfa8bac6e

      SHA1

      afac7c02b920e2a6c70e0882fba921a33817f555

      SHA256

      e48e222313afa8af81afb07a9a47fccad205fd6ed883d9e9195f116bd11a02a3

      SHA512

      224339ea864cce7dc207fb368c6d0472c7531194e313c36087123b6c45f806803096cfad65ffb29b0fed7c6f434c30d02a9dfc09dc21c45ea0230f306d8a9327

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a39a1e00d9b1bdc2caef9204660cff7f

      SHA1

      9e10966a044303ebf252fd9ae2376338a52f6fbf

      SHA256

      bfa74cc4e362f0c7a6ddd79bbf85a663bc1478043809d52d6a8e90ce20bd3f61

      SHA512

      04c341e6393b53bf2c60862e09387efdc810a52766947aed78d0fd50174192bc5e0511d14c8b0ee83553fa3ba7ca04dc77ebba9c831f78d7eb6eec8aa44d7985

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b9d513f5c0a4872b4d808de77c0671cb

      SHA1

      4e3495850bfb36b0cbfad7149fbf31fe5e38ef04

      SHA256

      3306f36ffeeca3d4c089d3615eb151cca86185d4c3a36a8b70b1c7dfd8b602e4

      SHA512

      07703814d4e34892e243a4873138fe15fa988892706c97ac4862b4b4b28a38ba15c5a3d7b118e3a36eed793d1d2199fc12a3ce0e6ea2584797d27ce97a3d47e8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      001fe4f8528e4c92d51520f22fc2510a

      SHA1

      8ef5286cfac2e3c9c94e66e5fb779bbf3205e961

      SHA256

      0364f106f7907791d778c9e677892395bb04180f38ddc31ed6e544fabef52a49

      SHA512

      fdc4bdde0f657fa23ed56b4357fc82089c0cf0f52b286d0647fe33d30285e02be9fc94c25ad741bccf925c6aa50ab4a425672fc088bf8cd38a0e7ebddf863952

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d716759c5023006491b3d8115e0f522

      SHA1

      90eefa926c20323169a2cee9713c566048ab464e

      SHA256

      592a5d20012010280ad4f264033c080ba18b33a29d52a4699e55fd78736fbcab

      SHA512

      df62ec8785ab10e619474669c9883a337c39d220df418a053972bd4b92d110568fac81dbe235b23213ae638216563c9d761af3f85c6aeefb7b7a8ecdfe8fbf5f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      363de3979c015e9dbee2b96e4f1598e4

      SHA1

      6621611ffaed9549ccc637e5461dd9aabd4eab89

      SHA256

      cb889c302dd319720a17dcf073846482a0fbd804255030448c2d34b4fd82044f

      SHA512

      49ef827c31832f0b05b244d225a38d92a83c055563e79483c6be082d85e6957b4e29f8403fb0108e2430fe67533fc9cbfd19b13ef64f99e3bd7dab034aa145d2

    • C:\Users\Admin\AppData\Local\Temp\CabDBF0.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarDC9F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • memory/2764-0-0x0000000000E80000-0x0000000000ED3000-memory.dmp
      Filesize

      332KB

    • memory/2764-6-0x00000000002A0000-0x00000000002A2000-memory.dmp
      Filesize

      8KB

    • memory/2764-2-0x0000000000260000-0x000000000027B000-memory.dmp
      Filesize

      108KB

    • memory/2764-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB