Overview

overview

10

Static

static

3

19a6785fe2...18.dll

windows7-x64

10

19a6785fe2...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19a6785fe245b33b5b87091cc1d3a3fb_JaffaCakes118

  • Size

    115KB

  • Sample

    240728-vz3y4syejh

  • MD5

    19a6785fe245b33b5b87091cc1d3a3fb

  • SHA1

    574301573c262e1f1008fad6611ad1ab0506a2c7

  • SHA256

    b958fb921a0e3bcc14962b3771f610e972526713f70bd36437b3f299fd252e52

  • SHA512

    ff7608ea8242db34e257cd2568f9eeaad4c43e0643be5633a0881201141d26f5d46c23cc0f204e89a4a538818d35f193b1ad808bf80481f6751c6a5f84dcc6fe

  • SSDEEP

    1536:cXq3Q48oRjL3YCcxt6vcfFVwXr4OHZehTead4wBb88FGHKXs/OPWWm2B:ca3Q48oZDcxYvcNIViasNbG7/OPWWm2

Score
10/10
gozi7221bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Botnet

7221

C2

po3p53334.yahoo.com

web.citylimitshog.com
Attributes
  • build

    250154

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Extracted

Family

gozi

Targets

    • Target

      19a6785fe245b33b5b87091cc1d3a3fb_JaffaCakes118

    • Size

      115KB

    • MD5

      19a6785fe245b33b5b87091cc1d3a3fb

    • SHA1

      574301573c262e1f1008fad6611ad1ab0506a2c7

    • SHA256

      b958fb921a0e3bcc14962b3771f610e972526713f70bd36437b3f299fd252e52

    • SHA512

      ff7608ea8242db34e257cd2568f9eeaad4c43e0643be5633a0881201141d26f5d46c23cc0f204e89a4a538818d35f193b1ad808bf80481f6751c6a5f84dcc6fe

    • SSDEEP

      1536:cXq3Q48oRjL3YCcxt6vcfFVwXr4OHZehTead4wBb88FGHKXs/OPWWm2B:ca3Q48oZDcxYvcNIViasNbG7/OPWWm2

    Score
    10/10
    gozi7221bankerdiscoveryisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks