General

  • Target: 08e98ff63690c9ee769b9c8faf47ef61_JaffaCakes118
  • Size: 260KB
  • Sample: 240728-eznana1drf
  • MD5: 08e98ff63690c9ee769b9c8faf47ef61
  • SHA1: fc1b26f35100675f37bc5c46177d1be1a6942f10
  • SHA256: 790c8ad8130be6018c03849998c7e261a3baa2783ca534dca4fae2b68df45a33
  • SHA512: 7b8d0bc2d8e807bf7acf71f427f48e02e64699288c39351aa330a9f0ff914b3873ef148587045ce6bfb8f11dd4d1f327f15028e0b31d64e0f2be5bbc745673d3
  • SSDEEP: 6144:AGNUIaYrWoQv2jOzJR6NRLj53RhxzBa7G36wPlk3:AGeIDramOzJR6PLzhxNaMm

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 2200
  • C2: api10.laptok.at/api1
  • Attributes
    • build: 250155
    • dga_base_url: constitution.org/usdeclar.txt
    • dga_crc: 0x4eb7d2ca
    • dga_season: 10
    • dga_tlds: com, ru, org
    • exe_type: loader
    • server_id: 730
    • rsa_pubkey.plain
    • serpent.plain

Targets

  • Target: plush.aaf
  • Size: 517KB
  • MD5: a4aa5f69df4a8c36f28e8207c5b1fea7
  • SHA1: 59230dbb70126eae831cae6ef10155884f6f2a67
  • SHA256: 06dd35ce0c9b164f9ecafc4269d91fb8a23634d541ec455dfcd4dcd624523f4b
  • SHA512: ededba75d78af82e667a3ea2c70b5a95cacb31c209d03e6d5bc03e2ff00a92f53be711772e21e5f08fc8e2d5459bcae17bf8ecb76f2623df5c0a786473476f56
  • SSDEEP: 12288:1TwgpHGZ4HLm/IIM2RHeyoC1zDE0DcRwyN:p8IIM4e4zDdYRwy
  • Gozi: Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15