Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 03:19

General

  • Target

    b182f78d61c954e5b9cd5403599a121a_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    b182f78d61c954e5b9cd5403599a121a

  • SHA1

    38ba701a43fd427b675da3a74d211c1adc97fdd9

  • SHA256

    307b6299467f4d41223103ed7a7112a229df9d11323f949b91fe14c5dc1d00f0

  • SHA512

    7c05d5b0c051d3497a252e3682dcf143d50c355354cd37ac293350fb878db41b1866c01c5ad4b984f027ce1d8954a3ccd39bd65cbb1b021982cb23a573ea7cbf

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0U2L6BWnqR+yV:BHXDy1qVvZnOe/HEyofWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings (1 TTP, 35 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b182f78d61c954e5b9cd5403599a121a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b182f78d61c954e5b9cd5403599a121a_JaffaCakes118.exe"
    1⤵
      PID:1844
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86648bd51cdd7d220863c06f8d7a83e7

      SHA1

      7c244023bc0349e34d2851bb2102a3c297f9306f

      SHA256

      b7dc8fa2ac7fe2acbdab63aa5842fd8e02201e7153f001be87a91224ec8f07f7

      SHA512

      3c6c33baad61e54160d1ee88ed8f5f5c0000d7f7750d38481a046ee186d29f7932e0e44bc9189493c908c71ee845d4e944b9c476f5eb4cf2e9cb1fa1d99729fe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5ca2f42d573f90ebf1b72d20a70e7140

      SHA1

      3946e2363d1f80f05328a2c9f13d5e6859c3bf2e

      SHA256

      608c397efb1acabe54e3579ce5ea6719fc2b6444923b7579ea39fb4f9f30183a

      SHA512

      d07b5dbcca15cefaa28148d1f807913d2b2331c97407a6bbf13890bc47b232f3651af540c6d1bf0d86163263938ab921db0465c96bd892b64732c5ab26ea8166

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b6ae2822b48b38a60cf73a08ae3a7fd

      SHA1

      4fd393b9b1e02d694c874e75cffe568d5cf81ccd

      SHA256

      a02219be1c27d17e8a5aebfddc3cc44caf58831405b8a8dfb2ecbb9f8fff0613

      SHA512

      a309323327d2910a072906f7c068d8941042cfa48e1457ab490e660c13ccd4c086e2eeec68ea21b0862ac601fecd3f3e7025ba9e719ea00a94dcb533ff21dbcb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f4525d59dc9ca2290c9730fc924ab7db

      SHA1

      ed7f82425818be870720f736aa5e7acf2db05a71

      SHA256

      4b963c63bed13e0eb80fb69e63f7f9c386f9cf742988eb92265c55fbde317223

      SHA512

      3c797d478f406de32090855f5b176c555aa9a9f81bb4693c7d77ce1ef42ce5641435044ff7df2a30263bd80e6416c5c1d2c7e11fd80dd205a2d0a595bebee5bf

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8125cc62c790b113e9e62c98aef31604

      SHA1

      f2cebbd5130273c69f192b374438ca4ace15fc60

      SHA256

      7d6c495e6a3b4ae703b853366c9a7ce247e0cc1692ba69c3d1d0d4051c33127e

      SHA512

      9015a1f1011896089603a287338ae9a3ff425ddb60ef6d8819544e2323c9af43289d76385db49e06eb98ac4f0eb999a5dced36d639389a6e7fa96bc1cd5e2838

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e607837009225e7476fd8b7fa38949d

      SHA1

      88eccd91fde76d09a82211b107fe23a210d9c833

      SHA256

      3436bb144e816d3df1ef99b3ffd696b5f3f55f6b33baa59a6bafe97ddc65c398

      SHA512

      71136a35834606d38d09feffb257310dede71d01f070234a227f0460cd66cde8bc5ccd270858ab336cac94dd8f548c1fec2ac3de0e90058f60cc8e7e3e59b11b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9ea8b68f1fa1f9840fb8d323e59a6b9e

      SHA1

      e610c3000c553f693d345ed489c43b56dfefbee8

      SHA256

      70df64c605b767bf2af8f5f2b54deeac00e65d8fe62446afb525ccfbd821ab26

      SHA512

      94df9641e9632a762c3ff54ed1d31bda6f61211f425631e12d05846a8b32177e39a30efdd68f12e91daad08606d1518fea4ffc2ab51663a11cb2abfa84efaed9

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46c8a12ec60aedde50156c972c0b59e7

      SHA1

      cf9e76f9d8b822e155b53d0ca71f5ed38c801b89

      SHA256

      b7ef82963f77edb7d92acf68c39e8119849bf850e4b12bb77cff5e9337761a75

      SHA512

      27a8f52acc63b8a2f7e16b756d0cff61c65fe30e7937f1601bbe023cd53047e8ba7e3d5847e86f5a77d8f6421b0f100f18ec7449b7178787d0578d7b77785a6c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      df0ba918b4a18295220c3658a3d2e8e8

      SHA1

      97966bac6aa6b8e669a7d74e6cd42f9b99ffa5c8

      SHA256

      d7647ba79c1bc503bed52a3b0e8172d4722ab4fb3b8232ddcd7853039aee6987

      SHA512

      a3c70cd725de2110ab0d9bc990e117c4018a7437b38bd25622730aba6eef9f5b1ad719ac3194cbae32eac802fd1b1db474e8fb3be1e632e113a7772fb0e1afc2

    • C:\Users\Admin\AppData\Local\Temp\CabA601.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarA6A1.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • memory/1844-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/1844-6-0x00000000003F0000-0x00000000003F2000-memory.dmp
      Filesize

      8KB

    • memory/1844-2-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

    • memory/1844-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB