Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-06-2024 18:25

General

  • Target

    b48e02d8f3f42ea961eb0f060af25e37_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    b48e02d8f3f42ea961eb0f060af25e37

  • SHA1

    3e2220030a165c6a8043b100f3943710793aa70e

  • SHA256

    455a9512d92e0b28b9858caa4247abef7c32418a76d548c92a65b07d5f8fe419

  • SHA512

    5ef7c8dba9d6221f6daf8e56a535fe4206e5b20737df7f856d6e9ce7515333b868821747c579b6d5dcfe84b2320d9a221b3fad291d083980397f2067d6ab4d54

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0Z2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoEWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b48e02d8f3f42ea961eb0f060af25e37_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b48e02d8f3f42ea961eb0f060af25e37_JaffaCakes118.exe"
    1⤵
      PID:2580
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6807361516812e2c4cab1ef0fd6df313

    SHA1

    10728c2f01be0fd4f256cdac5ff47c6b1db5f49f

    SHA256

    5869fae552e0718119d3658d129e3e0983e5be83a19a0f13310b04599b96d5bf

    SHA512

    e3a5d841119ffeb70754f427b949ec19ef51d1230b47a8f1596a2aa45e84eff6313e876c60f04d11200415b1ba2ddb10b1d8e978a2d98e8fca0307ef121b1ff3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a1f675f8e4e12bf92e6311d068726cc

    SHA1

    0bf585b088ec7c34b40d45ccba66bd01faa246dc

    SHA256

    e2e3a420f5ae52707759a3db815d15a5b51e666cdd61fcb89a96557077614c8d

    SHA512

    44d8b0dae7101622dbfb72926216709f463d05e9a08a70e280eca3d3bb6d8b7fbebccda7fb3255f59ecd02f906bad3d3171dfd79404d6e48cefe42123e71e61d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22262bc7e47e0eea16e74e0e5d206c63

    SHA1

    eb87aa444d4eccb6c0c7f93a8267926913d2fbe3

    SHA256

    6c7edddae5345dbc740d1037d4e14946e67f73580833d8805bda567495db0bee

    SHA512

    e2df0d45de4701200def7250c4faeaabd7502d22208a42f520d893be2ff51e4c2027b818cc3367a979bdf45ef396f91317fef79e41782c6bcafdaacb5f61af30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    694036ab62170a00477ee0f49be0b403

    SHA1

    dcd2d41802cc561b743d5ef8ad0b93ce72db7289

    SHA256

    d8a9cc177fc9840b1e2ac94361c75a2494000670aca48a937c8954a171b856b9

    SHA512

    a867ceef1eea19d5b9ee34c504a15fa2b6c2071e0329417bb70da33d7614f95593cc3f342934eefa42b91404b014b885920c8f160b10eb65b887ad2914ec8ab7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e8050a2987e0f274cae730938f06f39

    SHA1

    7febd2b9e6c84b872ba707783f02877d2351665c

    SHA256

    855f4f9999cf626abc21f85bfe60d9caf2342bf41208fa4e80233db55654e5ec

    SHA512

    eb93353babc84908fc4cf40ae4ac6caeaf4f8cf7fd92c3f89929729c93a876a5c3d7705d1e0c7e3d983f349d166e0141a369032e267e53c207959e9ea99b7eeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9e149a52976e4c64284a60f5e86e2d6

    SHA1

    ef297e0862cd6fb7dd72aee01047c400d5549091

    SHA256

    cf53659b45d0fe315e2b995b51ecf6da5fc99d51e196082477c346af49e34ca1

    SHA512

    6dac441f73e3ef4565a231b1fdb10a554ca273ef3e6ae79f5b02e0bce91dee66c99a36c58186805b567720b362a7303519d2277a183323e9e86789db28ab2bc7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59fc25fac1131782b84f2bb10e7c9247

    SHA1

    5af057f75fbe22ebf02d5082db92dc22af479136

    SHA256

    e44774877ca04877371c95bce5810ad287fd514496629d92c319ae17a5917dbf

    SHA512

    8c345b89e16a957d180c1abfd8a702e8da6ce6f7e25fcd24ae926aa05538c7e770841172d04de51c67b469937f0fd2b5d640da244d60863436c5b3fae18a469d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1c1d8c9933d1f2a101a82bc79b5801d

    SHA1

    774d764c2d0cdf90aaa3dae09a4daf2c76cfe714

    SHA256

    3b7b8b463aa6be84d1df0c50bff79924bf675bb1937669ed635ca24d47ccab3a

    SHA512

    db901e92bb3e9b2feb675374d279aaf37f85de9cd08bd01aa23af2bdbc934cbd2b32f145d4d6a7f5a64337a5145b16bba37d14536b8e1b438f58cf500a1f101a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93c096981fe56f9e36a6e51fd8311902

    SHA1

    f94e7b4efe9f6e719a2440bced9c6d3b59c57dc8

    SHA256

    4febeec6780f0fc91c87e3d8df6d090a0fcb7697d24cbe37d3508adc0891b951

    SHA512

    ade34d101307b4001f5e2edca151116de2919f17458149126e282a0914e7466b9ff1ac51a7d15673a2e297e9d5a225b930a43a48b0e4f4125ef72c91260c9e4b

  • C:\Users\Admin\AppData\Local\Temp\CabFDD2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarFE81.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2580-0-0x0000000000400000-0x0000000000441000-memory.dmp
    Filesize

    260KB

  • memory/2580-6-0x0000000000500000-0x0000000000502000-memory.dmp
    Filesize

    8KB

  • memory/2580-3-0x0000000000450000-0x000000000046B000-memory.dmp
    Filesize

    108KB

  • memory/2580-2-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB