Overview

overview

10

Static

static

3

b1f80689e2...18.exe

windows7-x64

10

b1f80689e2...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1f80689e29216269aeaf3d730cd88d6_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    b1f80689e29216269aeaf3d730cd88d6

  • SHA1

    ad7bcde5e199663ec9d91707a7214c586093eb12

  • SHA256

    40067f80c4e163d3e2790f92c37435932745b03ebbc9536d8b727dd1ae9027ac

  • SHA512

    ee208295cebac0f4ae20ac556b3a249fe96472a6f0d0787d2451503f4e518550c7824612f2e14d162c6b07c1c465c5bfbf52ce16cca5dc3c0d7c9c6ad3322466

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0I2L6BWnqR+yV:BHXDy1qVvZnOe/HEyobWGd

Score
10/10
gozi3153bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1f80689e29216269aeaf3d730cd88d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b1f80689e29216269aeaf3d730cd88d6_JaffaCakes118.exe"
    1⤵
      PID:2240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2124

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f2d78b43e21efdbe52aff5b7f6b8d324

      SHA1

      e9681697abbc81fc0ce150f59a9accb9f04057b3

      SHA256

      477cfd6eb0baf3456f21d569940331c3dbb540d2e1b3e74effe39bf5a5a05b0d

      SHA512

      d7b8bad9171e8a6c66222c932c36a78e3bc29e55b4cce04914af5c47fa3e7bf4fbfc96697a8427edf7263b406f8b83bcf598055358725a3a259a6e00c38a4ef3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9eda05411b7bf504ea2a68a44bec8138

      SHA1

      36005086436196b727f23299fc8e05d19016f6c4

      SHA256

      5b8d3ef2e5460d814e6cadbff4196e34b4a689137cd5f7eea4dcca8cd7c61e2e

      SHA512

      561edf8e307a0db7da6a021951efb734910aaa0150345dd29806b49666e85d407fd87e0ae27c17ac42114367931faf34939f1977b89b30448ff79232fbf06e2f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aeee9d105dd5d44953f2e4071429d446

      SHA1

      b998464ba390615c5897fa001d0ba3793dca02e4

      SHA256

      c5f91b85ba70da6c6c4dd28b49123e97a11d9cde91e0314c7fe116c6e4e5f373

      SHA512

      554882150e224d89123bb52f094f53c66d00d4dc497259e07d7c6fddcfb56e0670266fa741d6582d15b519a050a6a7bcd8b5481a2610816d93503998ec135ed4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cb17269857169abe42a055426ae59199

      SHA1

      93e556872191bbf36842381baa23b5bfdd39e7e7

      SHA256

      b95e83cd063dfe8e29f29452bde3385110e6150206074557bde107ce6f4a2507

      SHA512

      e9633253bb55a65dcb5a0e89737eab3c0bfd1fc60898e0807c10941509bfdf1483bfeebeb62b394dcea624e6a3f99641e17cd40cef6687464b954dde7d8eeb5c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b2e4b908a0ecf3030d23f57234121450

      SHA1

      9b1861020664e07d87134e6afa24ad6b42633475

      SHA256

      98e6890057b59cc02ead4f384d0af214d2ffcdd5d4b1dccb4c4999ddb940a457

      SHA512

      6d86b98b73f8d5db0b2f18669332cb7da35dded9c3c11856052e8a524831a6b887904f1020e4e9a94b3ef3d27d066298511bac03cc27431312c81d9d4427dbd0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0c1d2866ec8b0e34e39c3dfb7ea64f37

      SHA1

      9871c9d2c04809f17317d28517bcfd94a5fa65ef

      SHA256

      79684ac4c4eb93bb187c32517b6d105629ec95027a66e45578cb412aa0abae07

      SHA512

      4d2ee4f6257c5311cdbe25971e641e70eee44f1661e34a85a39691f0ea80c4559f7b2f83857baf60fb937d9f4414c61eaff15a7d4c3f586060421ba610bc23bf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3a4a4930ff16c381bccb14ccbd34107a

      SHA1

      edfc2139c83fe81a965a6f302e3b4d938dc04f71

      SHA256

      27fd90d4219e63fda6457bedceb6194e4f1248d630c5b2b0aed6f1069d818bab

      SHA512

      d7c4d449c180fae46cda34b57bd270b8cb08db207bb6dff574093513481cf08a0628896ddc17a5621d2b358af7b9655a5ec86f134fb9857d7b666584f2b0f040

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      afdf1efb909cd292783a875f6b546174

      SHA1

      661343bcad2d45f59cfd938267777545b179ed3b

      SHA256

      d077b27107d70599ebdff2292f9aa67a601c377e61f4b250887c14a700fd4160

      SHA512

      d5ebc856c70be6b7985bc091d89d913bc5d97748e1da6058d44944014d63effc22d84046088df27672c03e4667713f599c255a73bde745d1145fac5789b98335

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      83427564fa18af43e0fc7721ed144eea

      SHA1

      1261bdf6ba48d42b73c3022eef81b858825055da

      SHA256

      392a1ab158612cc3fbffe1e6b1bc8e22f2ed973ea95a9f654bf7ca76740eb12e

      SHA512

      896909c3a60facf7508dafb34a4ad28ea820147b69066b0d264ceed3faf7a8d3162150511b38d70d060279894ad2c683d6e56b314f421377fe3a5caf4203f388

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabB38A.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarB47B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2240-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

      Download
    • memory/2240-6-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2240-2-0x0000000000280000-0x000000000029B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/2240-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download