General

  • Target

    2af56c3db87fdf4bb7c3de1ac53d97b6_JaffaCakes118

  • Size

    143KB

  • Sample

    240728-3hvv6s1dpn

  • MD5

    2af56c3db87fdf4bb7c3de1ac53d97b6

  • SHA1

    c02b4c0c19c54d3c2c25444c7ec888c33b81926f

  • SHA256

    d7c37dced460635f71add15aa5071cdd82d73ab250c7f3104387bcdceb7ddced

  • SHA512

    c025d4767ac95764c1c4bc7281072bcd226f66bb1002b866f4d64aca449f5fd40b3aeea8debc8435677538d324144cec837405acf6005c2a5e50395a446f78f4

  • SSDEEP

    3072:DH2/rnqskIU6Ca/jMI6GPtSd4RKBWMKob523U:b2/VFCa/jMTEtS6RroY

Malware Config

Extracted

Family

gozi

Botnet

7223

C2

porp53334.yahoo.com

web.cindycrawfordgroup.com

Attributes

  • build

    250154

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Extracted

Family

gozi

Targets

    • Target

      2af56c3db87fdf4bb7c3de1ac53d97b6_JaffaCakes118

    • Size

      143KB

    • MD5

      2af56c3db87fdf4bb7c3de1ac53d97b6

    • SHA1

      c02b4c0c19c54d3c2c25444c7ec888c33b81926f

    • SHA256

      d7c37dced460635f71add15aa5071cdd82d73ab250c7f3104387bcdceb7ddced

    • SHA512

      c025d4767ac95764c1c4bc7281072bcd226f66bb1002b866f4d64aca449f5fd40b3aeea8debc8435677538d324144cec837405acf6005c2a5e50395a446f78f4

    • SSDEEP

      3072:DH2/rnqskIU6Ca/jMI6GPtSd4RKBWMKob523U:b2/VFCa/jMTEtS6RroY

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks