General

  • Target

    3964ec2fe493ed566a404e9dd33434a5_JaffaCakes118

  • Size

    352KB

  • Sample

    240711-q5cxnayfml

  • MD5

    3964ec2fe493ed566a404e9dd33434a5

  • SHA1

    bca121cbdfb1c1212c27de720bcaa5c3a6fa845c

  • SHA256

    3b98e6c87edfb4da99612025cf485d302d42c184e73bcb727f9807923bfa9850

  • SHA512

    a39f9318f6307693e14958d8b985b6f78d5113e53a85bf55be7d6cf8aadd8921034d16b624898dac08ef2e17e8d56d1d7ef2d90853dd62ff12d0aa5a0c002340

  • SSDEEP

    6144:+87Sm49lFRQSAe5klIQm3n/ym1grjpY7nf9av3lYdkv+hgG2SnG4j/gU:Wm+3QSAdm3n/yogZg0v3Gqv0gG2mG4rv

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    1100

  • C2

    api10.laptok.at/api1
    golang.feel500.at/api1
    go.in100k.at/api1

  • Attributes

    build: 250180
    exe_type: loader
    server_id: 730
    rsa_pubkey.plain
    serpent.plain

Targets

    • Target

      3964ec2fe493ed566a404e9dd33434a5_JaffaCakes118

    • Size

      352KB

    • MD5

      3964ec2fe493ed566a404e9dd33434a5

    • SHA1

      bca121cbdfb1c1212c27de720bcaa5c3a6fa845c

    • SHA256

      3b98e6c87edfb4da99612025cf485d302d42c184e73bcb727f9807923bfa9850

    • SHA512

      a39f9318f6307693e14958d8b985b6f78d5113e53a85bf55be7d6cf8aadd8921034d16b624898dac08ef2e17e8d56d1d7ef2d90853dd62ff12d0aa5a0c002340

    • SSDEEP

      6144:+87Sm49lFRQSAe5klIQm3n/ym1grjpY7nf9av3lYdkv+hgG2SnG4j/gU:Wm+3QSAdm3n/yogZg0v3Gqv0gG2mG4rv

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks