Overview

overview

10

Static

static

3

b89f87daf6...18.exe

windows7-x64

10

b89f87daf6...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17-06-2024 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b89f87daf62c94d5bcb808f5b7fadc33_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    b89f87daf62c94d5bcb808f5b7fadc33

  • SHA1

    2cc87a4225063ef0a84fed444bd523ba340ed4fd

  • SHA256

    d2862986a8e91da5655f32895578cb3d86718c6a07a5e5614530a49123d2dfdd

  • SHA512

    2c504d1e30a476358fe2bb953d2832a68926dbc4a1dd18cb7b4ff98fe9aeed53ef75fc30a16b14e1c2c8da77e75043459032dbf8650024f0ffdc87704a883e87

  • SSDEEP

    6144:hVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:hVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b89f87daf62c94d5bcb808f5b7fadc33_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b89f87daf62c94d5bcb808f5b7fadc33_JaffaCakes118.exe"
    1⤵
      PID:1192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      16cfce1154c14aa2ab7e9a9b62ae4df2

      SHA1

      46ffa690c780ef191911714fec781470e6cc1e4d

      SHA256

      83552a93377abf7bdad6e7b790963dd1f67edecef2bc34a7189b69c9c341b115

      SHA512

      7b94f262b63eff48ee308eeb4ebfaba8fd7309baad3a5283945db9e307e947f2e02b9c5069b3e5615cfa96fd52b2d23219392824a8b9ef6f23ff8027eafd5e3a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f46290003cef566f7357a6a942e3b79f

      SHA1

      4dfd5428f9a16cf3476aeaaa6f99f3e003e54370

      SHA256

      6612e04fbddd30de5679420cf0a9017e1e6e433bbbf7c17587990d29434a98fd

      SHA512

      a427ab339ab2a827affa89c53b988bd63ea58ecfa0da715a80759a4db789fb9f6758dd0a0f854024b998c02612b99230fd44eaaf3fd8da11a4d7704a663d4079

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ec56c518e78bd2030ba977069527e112

      SHA1

      2d78e72c0815444d4b2a0f9c0823edd2c293157e

      SHA256

      859cee8a4e72d2ced1d03af9041ff0c067d6b682469b4a7164a61a1c6104480c

      SHA512

      44360c8905c465fccf5c918c1d143350204e17efafb1ee43b9cd821bec67510d549fd57c157666b434c77518b8ed42f75b7ed5c3c36e11b6890101821451a5c5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed0a689281573a7bb58af110449a7188

      SHA1

      64861bf6571174ada0967ffb44c7f0e24142b547

      SHA256

      d9916e45e1809df1b3ccfe14fecd8c4fd2e0069ecb43047727cb11d919210568

      SHA512

      259a7f02bbb02e15fc308db0e54ed77b8e41086ad9f75f12405824c2b71d40bab86703a910b5b3327f2654eb1728463a6fcce70d9205198eb2ee903f759df7e2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e43e18d18ac38ca76fa419b8dff74636

      SHA1

      82a72c7506cd115cab505da1832f5aca31652b9a

      SHA256

      0c6fc449d53a618b6e1aa905a533f7e4fdfb501b82de912f589a95b5bffc4e4f

      SHA512

      d317223cf78608fed49e3ee34870ecfe8fea686e5bf5b76e42ec6d58df046631a8054cef5334be91a8abe332e4f9f6718ec0416788a75bd323e77b7bcff5ef33

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      29d0f4820d5f1dd078e79908b3899be5

      SHA1

      00804099d44a28788499a804092b799f14440179

      SHA256

      8a35381f4e7cff9a8b75390a43cfedc48005e78ff968b2e55a2338ea7444982d

      SHA512

      7f48a493acf0a59e1344107b8ed830058a4b28d07383732a879f550db3e79d7f1d9580b5903c2f74b5bf0e33547fdfcdc6433eaf896684d7bb1f579684ce4e03

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      47f1d253c5ea65eaf04be24928fdfd1a

      SHA1

      eda779288d4f7af033749bcbb519682d7ea2f8bf

      SHA256

      17672ee7572df06e58661a94ad6f0a2116220604087123a07b2d6a88eb02cd94

      SHA512

      fab7ac384f30627cbd3c7c5a8db34e5867330ae14d7ce7399dafd864cc21ba930f6768eef356a75e6ebc4e3734788c8d1a785c1752de0dcf6cc15fef155d6fa3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      01e3d090254b6670b0cfadaea354af85

      SHA1

      cd2e4c625ccbdc919fc71bcbe14f847745ed1a05

      SHA256

      0d8547bab2d848b533e89c76a7ee7f3169cb28c454f23dcc35823dd8fe0f5c69

      SHA512

      af84101740d009761f31d872a7b87c29d9f2586ee87a5cefbdc9fcb20390f9065b6f1f6f4e4f32ddbb6ed43e7742d1814d6611afeb3acf1a3cada760c3ed30d1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      54d93d9e0a73851f011e6af738b23381

      SHA1

      349050a41e2819e9df04bc0ad0904269f207ce64

      SHA256

      03e65ed72450f9d14d7820313333c96b761a02c76ff8a8de33037e32c5908c2b

      SHA512

      e988674c12bad1e1c7d7e62a014c90a3f30c8381b29262396dc5a63c2a5919ed633d915ee315f075f1dad2645fb55e30d4a7e368b9cf6fcdf1a258f4c9b0a501

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA778.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabA7F8.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarA80D.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1192-0-0x0000000000A50000-0x0000000000AA3000-memory.dmp
      Filesize

      332KB

      Download
    • memory/1192-6-0x00000000002B0000-0x00000000002B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1192-2-0x0000000000270000-0x000000000028B000-memory.dmp
      Filesize

      108KB

      Download
    • memory/1192-1-0x0000000000080000-0x0000000000081000-memory.dmp
      Filesize

      4KB

      Download