Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 17:23

General

  • Target

    bd7d98a255c8d799a6ca9d9eb9baf251_JaffaCakes118.exe

  • Size

    215KB

  • MD5

    bd7d98a255c8d799a6ca9d9eb9baf251

  • SHA1

    e72fe38180702c1b433fd80b540e0189658eb294

  • SHA256

    cfc65468fa4e9d507b5ba7e84f6cf367bcec54aa528b65aa0cfb38e342a34816

  • SHA512

    47ecb7ce2e0fcf6e936ba36ffe7addec5270ea353860bf7073907853ada7e6685e1e2183767a3d4c2825db6f9d8acca1995ef45b717eb9de495d544b2be6d719

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0l2L6BWnqR+yV:BHXDy1qVvZnOe/HEyowWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd7d98a255c8d799a6ca9d9eb9baf251_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bd7d98a255c8d799a6ca9d9eb9baf251_JaffaCakes118.exe"
    1⤵
      PID:2084
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2940

    Downloads

    • memory/2084-0-0x0000000000400000-0x0000000000441000-memory.dmp
      Filesize

      260KB

    • memory/2084-6-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

    • memory/2084-2-0x00000000001F0000-0x000000000020B000-memory.dmp
      Filesize

      108KB

    • memory/2084-1-0x00000000001C0000-0x00000000001C1000-memory.dmp
      Filesize

      4KB