Overview

overview

10

Static

static

10

3f3fd65068...18.exe

windows7-x64

8

3f3fd65068...18.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f3fd650682d1b8e209c39552582cec2_JaffaCakes118

  • Size

    74KB

  • Sample

    240712-2624qavcrp

  • MD5

    3f3fd650682d1b8e209c39552582cec2

  • SHA1

    11c4c1ce4bb59542ec635939ab5d91efd6818d8c

  • SHA256

    5d7f38eb4e6fe1e7eb4e60180ceed24d98e52e761ae52e5e524801b3999c9790

  • SHA512

    f4f36d7ad946e61c737ebb9f0c63e56f1223cdf4fe14287b06ddb6b0b2fc98a8cdaa7965c4e2d4bb5a1da2257afa829ebd7fdfbb32224b5a79f82f9c60ff6919

  • SSDEEP

    768:9+Nm1a2FmLZuLFU/r6aqpHk5PmQnFgovom4at99lfO1Qtw/qsqcm9/p8kAn45:99YULFU/rVKCKovomN0QGiFcmc4

Score
10/10
goziisfbpersistence

Malware Config

Extracted

Family

gozi

Targets

    • Target

      3f3fd650682d1b8e209c39552582cec2_JaffaCakes118

    • Size

      74KB

    • MD5

      3f3fd650682d1b8e209c39552582cec2

    • SHA1

      11c4c1ce4bb59542ec635939ab5d91efd6818d8c

    • SHA256

      5d7f38eb4e6fe1e7eb4e60180ceed24d98e52e761ae52e5e524801b3999c9790

    • SHA512

      f4f36d7ad946e61c737ebb9f0c63e56f1223cdf4fe14287b06ddb6b0b2fc98a8cdaa7965c4e2d4bb5a1da2257afa829ebd7fdfbb32224b5a79f82f9c60ff6919

    • SSDEEP

      768:9+Nm1a2FmLZuLFU/r6aqpHk5PmQnFgovom4at99lfO1Qtw/qsqcm9/p8kAn45:99YULFU/rVKCKovomN0QGiFcmc4

    Score
    8/10
    persistence

    • Drops file in Drivers directory

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Server Software Component

1
T1505

Terminal Services DLL

1
T1505.005

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks