Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    16-06-2024 23:35

General

  • Target

    b5c4e7b0c9e644b7b415d03430c1f29d_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    b5c4e7b0c9e644b7b415d03430c1f29d

  • SHA1

    6d912438045b982b9b85e660940a87a881c66de8

  • SHA256

    d85b915e0a01f89d379589bf5efaeedaaed85d134bddc1e7567d6d8cbaf04053

  • SHA512

    9cc848573eecf25912ea9a6e97f564f348c3cc8954ecdb430807332fd1f6d6164ccdffb200da7858bd523122d2391cdbd2556d2422567d7a4d063f51f1830000

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0t2L6BWnqR+yV:BHXDy1qVvZnOe/HEyocWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings (1 TTP, 35 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5c4e7b0c9e644b7b415d03430c1f29d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b5c4e7b0c9e644b7b415d03430c1f29d_JaffaCakes118.exe"
    1⤵
    PID:2252

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2416
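The extracted config (C2 domains, sample hashes) and the process behaviour above (an iexplore.exe started with -Embedding, the switch COM passes when it activates an out-of-process server, which then shows WriteProcessMemory activity) can be turned into a small hunt over endpoint telemetry. The following Python is an added example, not part of this report or of any sandbox tooling. It assumes a simplified Sysmon-like key="value" event format, models the report's "Suspicious use of WriteProcessMemory" as a process-access event that grants PROCESS_VM_WRITE, and runs over constructed log lines; the write target (PID 2416) and the DNS activity in those lines are constructed, not taken from the report.

```python
"""Hunt this report's Gozi artifacts in endpoint telemetry.

Added example, not part of the sandbox report. Hashes, C2 domains and the
iexplore.exe -Embedding chain come from the report; the log lines below are
constructed and use a simplified Sysmon-like key="value" format (an
assumption for illustration, not any product's real output).
"""
import re
from dataclasses import dataclass

SAMPLE_MD5 = "b5c4e7b0c9e644b7b415d03430c1f29d"
SAMPLE_SHA256 = "d85b915e0a01f89d379589bf5efaeedaaed85d134bddc1e7567d6d8cbaf04053"
C2_DOMAINS = frozenset({"biesbetiop.com", "kircherche.com", "toforemedi.com"})

# Win32 process access rights that WriteProcessMemory needs on the target.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020

KV_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: str
    detail: str


def parse_event(line: str) -> dict:
    """Turn one key="value" line into a dict (values must not contain quotes)."""
    return dict(KV_RE.findall(line))


class GoziHunter:
    """Stateful scanner: remembers COM-activated IE instances so a later
    cross-process write from one of them can be tied back to the launch."""

    def __init__(self):
        self.embedded_ie = {}   # pid -> image path of an iexplore.exe -Embedding
        self.findings = []

    def _emit(self, rule, pid, detail):
        self.findings.append(Finding(rule, pid, detail))

    def process_create(self, ev):
        pid = ev.get("ProcessId", "")
        image = ev.get("Image", "")
        hashes = ev.get("Hashes", "").lower()
        if SAMPLE_MD5 in hashes or SAMPLE_SHA256 in hashes:
            self._emit("gozi_sample_hash", pid, image)
        cmd = ev.get("CommandLine", "").lower()
        # COM-activated Internet Explorer, as in the report (PID 2744).
        if image.lower().endswith("\\iexplore.exe") and "-embedding" in cmd.split():
            self.embedded_ie[pid] = image
            self._emit("ie_com_activated", pid, cmd)

    def process_access(self, ev):
        # Assumption: the report's WriteProcessMemory shows up as a process
        # access event carrying the granted-access mask in hex.
        src = ev.get("SourceProcessId", "")
        granted = int(ev.get("GrantedAccess", "0"), 16)
        needs = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
        if src in self.embedded_ie and granted & needs == needs:
            self._emit("embedded_ie_remote_write", src,
                       f"-> {ev.get('TargetImage', '')} ({hex(granted)})")

    def dns_query(self, ev):
        name = ev.get("QueryName", "").lower().rstrip(".")
        if name in C2_DOMAINS:
            self._emit("gozi_c2_dns", ev.get("ProcessId", ""), name)

    def scan(self, lines):
        handlers = {"ProcessCreate": self.process_create,
                    "ProcessAccess": self.process_access,
                    "DnsQuery": self.dns_query}
        for line in lines:
            ev = parse_event(line)
            handler = handlers.get(ev.get("Event"))
            if handler:
                handler(ev)
        return self.findings


# Constructed telemetry mirroring the process tree above; not captured output.
SAMPLE_LOG = [
    'Event="ProcessCreate" ProcessId="2252" Image="C:\\Users\\Admin\\AppData\\Local\\Temp\\b5c4e7b0c9e644b7b415d03430c1f29d_JaffaCakes118.exe" CommandLine="C:\\Users\\Admin\\AppData\\Local\\Temp\\b5c4e7b0c9e644b7b415d03430c1f29d_JaffaCakes118.exe" Hashes="MD5=B5C4E7B0C9E644B7B415D03430C1F29D,SHA256=D85B915E0A01F89D379589BF5EFAEEDAAED85D134BDDC1E7567D6D8CBAF04053"',
    'Event="ProcessCreate" ProcessId="2744" Image="C:\\Program Files\\Internet Explorer\\iexplore.exe" CommandLine="C:\\Program Files\\Internet Explorer\\iexplore.exe -Embedding"',
    'Event="ProcessCreate" ProcessId="2416" Image="C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" CommandLine="C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE SCODEF:2744 CREDAT:275457 /prefetch:2"',
    'Event="ProcessAccess" SourceProcessId="2744" TargetProcessId="2416" TargetImage="C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" GrantedAccess="0x1FFFFF"',
    'Event="ProcessAccess" SourceProcessId="2416" TargetProcessId="2744" TargetImage="C:\\Program Files\\Internet Explorer\\iexplore.exe" GrantedAccess="0x1000"',
    'Event="DnsQuery" ProcessId="2416" QueryName="kircherche.com"',
    'Event="DnsQuery" ProcessId="2416" QueryName="www.microsoft.com"',
]


def hunt(lines=SAMPLE_LOG):
    return GoziHunter().scan(lines)


if __name__ == "__main__":
    for f in hunt():
        print(f"{f.rule:26} pid={f.pid:5} {f.detail}")
```

The hash and C2 rules are exact-match indicators and age quickly; the stateful rule (COM-activated iexplore.exe that later obtains write access to another process) is the one worth keeping, because it describes the behaviour the report attributes to PID 2744 rather than this particular build. The ordinary SCODEF/CREDAT child, the low-rights access in the other direction and the benign DNS lookup are included so the rules can be seen not to fire on them.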

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed062f85803b9b9e5defd997d4e0d234

      SHA1

      71cda2436465728986b2301f7c348006db0557e4

      SHA256

      ec58a2dbecd3bcb20397aa72ce906e6504ecc175adec669a1533a8ea9ae37508

      SHA512

      8d37b83009e0ced7362a9d831def159e92b0b8151597edaac2f75eea9de19b210f6d453684ccd2a2997e5c18628171a67aca325e107646d793167dfcd933e90b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b24d1519ac77cbc446052eef8c7bc321

      SHA1

      0385a105ccfe9d854c2c30936d9795299b28a098

      SHA256

      93062bdf1331fe24d3f3fa384cc21d02ef74883b588ca7aadc4b1a2510029520

      SHA512

      6fa0d8b4e5699183d16fb69cf69b1ccc69cf00a7c451854c7e587e4eabe2b78723086860043c2f847f22274e100164d17c0efd28f1c205f1cb7519715fbf9d29

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      73087b31409f8ec409046812bd44e9bd

      SHA1

      2f1d8aa3442406b98997be76bd4b0138358e29e5

      SHA256

      7ad21c1dbf3313f5e33c28e0a2a9287f498142c3f8c0b61684f83fac57d59b64

      SHA512

      599cb1ed2769fd30abfb185e1ee1e760519b6aba74918b6fcf3116bcdb2d20703b7682e3bef0b8c74d99823aae880c845d9b5365e6cb0bb1b4cb16cb7288723d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      483c3e1e4ba2a3768b72d2bc0fa89555

      SHA1

      1b23cbef2bf4e044880c295146498e0398edc19c

      SHA256

      df67e92e3395b9937b6f5fea4e5823b109cd449edec37cc94a1d552c466bd3be

      SHA512

      0c9d919e8e7d9b4d487d74e6d82f4123132e676f9c2c13635ba91a607a7186b3838cc0422ff0de298a45727dfbb0489faa5caf4096186325eaf03765ac73f66f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c07b54b04cc4dd8ec7ce2e357eb91b05

      SHA1

      26a9cf8ea1b23f81b4e7627f1d5728a0a1ac7e37

      SHA256

      cfedf81a510bb222cf7e81649150d7091f6891d2c47575b4c2ec946fe2fc8963

      SHA512

      8775ba435541b0a4b5487c625e3c673fd88faeda8a125247e856a5874c6c40d5a706ddf492df37a9e22441fb5dc0ad0d61661dda13238f7e56c6889ef6091d5a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8bc0a762715cbc6c91e91bc07ee53088

      SHA1

      7a0eaccfa2ce39b6b8d852cb471c374f99a6dc98

      SHA256

      e041d1ac2c223424251945e1a72c0e15e1fe2efc5ba7b213dc8b8fdb652b11e5

      SHA512

      efcc1b8addb73744fd3a0ac8076e22380f4119debf1902f2158509a5f31c64793bcaa04852ab8ff78cb18a7ecae8ad3d33ab8eb726bc09bd8f931a133da73611

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7b96faf375babb79e04c845def870fed

      SHA1

      69e802cdca24e8deccc975637436e75cd734cfa8

      SHA256

      47629e96473fc73a29e47ccf5c04b3db6b32fee89bfb0350c831c473c3ffb31b

      SHA512

      45463b216f5c587cf4bd59be718f9e66bfa6620055b68ad81a131089dcfc4d3ac3c2ce90a518f8d15a25cc6143732a597f1289349a3d2d980aa6377dec2d73cd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f6bea0d34739e36437b83e9722c104bc

      SHA1

      dafe8cc5a39907a134de6fc3f3dcb88a8a8dbbea

      SHA256

      733568210f4d5f262b249acbfb86815af4377015f969d63b2c49f2b82c24f35e

      SHA512

      ba0559ba13203dc9d5f5a5ec622af35fb141d1ee5f95887f8e0cf072db45d3f22fbc2944b52ae267879edf3220aecd5948530add7dc24f07a953c0c0c26fb33f

    • C:\Users\Admin\AppData\Local\Temp\CabB711.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\TarB7F4.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • memory/2252-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/2252-6-0x0000000000650000-0x0000000000652000-memory.dmp
      Filesize

      8KB

    • memory/2252-2-0x00000000001F0000-0x000000000020B000-memory.dmp
      Filesize

      108KB

    • memory/2252-1-0x00000000001C0000-0x00000000001C1000-memory.dmp
      Filesize

      4KB