General

  • Target

    402f67334592fe3c0745b4f876814b0a_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240713-e1kadswalj

  • MD5

    402f67334592fe3c0745b4f876814b0a

  • SHA1

    9e96d9c2cc5c1516121dd845a1e52a642877d1bb

  • SHA256

    4216715d3b9552e0c16affc8fd559469cf8958788679b3817610457537aa7dc0

  • SHA512

    d3bd2f9228deb93e85b7e7818e93eac5b9f5af927988abb7e8697b83ea8cc915e633ccd4599543cdbce6f3668b89f1adfabf99b4efde9f74af1eca64663cb6a9

  • SSDEEP

    6144:cLKd/9yO8EJKdRWWyU/PgJoK01tDWUej3dc9YJTVK1GHzbAW0tOpOZibXPU/gC9k:1dl7iutsClIqSYhjKT7x/++U0Z

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover stored passwords, product keys, etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks