General

  • Target

    79bbea0aa018d8a80dfdad737e2a8d4d_JaffaCakes118

  • Size

    547KB

  • Sample

    240730-x4pndsvblk

  • MD5

    79bbea0aa018d8a80dfdad737e2a8d4d

  • SHA1

    6fa46953bea4ffcb88a1f67b0a14716ec4f91f42

  • SHA256

    afd42e8cf12186d2cac8c214f0a5788cd5b5832cc308ff0bda64123f0a9886f9

  • SHA512

    a416aae513c498001fc337f36678c77fd892f071da3ddc11a6c47eb3684effab5ff7fd215c6848d553cd8fd7db8a22f1d4988b37057fc82fa7fa0c2a05310ebf

  • SSDEEP

    12288:UecEEfVutWZ9dIeC9i51PTHhMV+UnCojCQFbul1r4GS4N5Dp:DKVwLyTHhQnIT4GdN

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks