General

  • Target

    7b92e9d21bc4db838bc102b289f4fd5f_JaffaCakes118

  • Size

    319KB

  • Sample

    240731-hbr6gsvhme

  • MD5

    7b92e9d21bc4db838bc102b289f4fd5f

  • SHA1

    44787ddf91b10291f8338590c5d99839040e1cd5

  • SHA256

    efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761

  • SHA512

    c8e38f25ba8bedafabe0dd04920dfeef44d6192fc8aab5e7efaf7aed248c5f5ae1af02e51b09d0fbb5e88b5916f57c0d88a5b626e0c90d207a113245de91285c

  • SSDEEP

    3072:jB8sG8S+M2sDsyLFdPyjAaswzjVFOBA3IQOfQQ6FpuB3zOa9vMpuc9:jB5MxjbJy8ocA33Of7Yp4jOa9Up

Malware Config

Extracted

Family

gozi

Targets

    • Target

      7b92e9d21bc4db838bc102b289f4fd5f_JaffaCakes118

    • Size

      319KB

    • MD5

      7b92e9d21bc4db838bc102b289f4fd5f

    • SHA1

      44787ddf91b10291f8338590c5d99839040e1cd5

    • SHA256

      efde2ffa60cc96325c46520e818c6001a5b1dabf7f21626d58f67d7ed3c52761

    • SHA512

      c8e38f25ba8bedafabe0dd04920dfeef44d6192fc8aab5e7efaf7aed248c5f5ae1af02e51b09d0fbb5e88b5916f57c0d88a5b626e0c90d207a113245de91285c

    • SSDEEP

      3072:jB8sG8S+M2sDsyLFdPyjAaswzjVFOBA3IQOfQQ6FpuB3zOa9vMpuc9:jB5MxjbJy8ocA33Of7Yp4jOa9Up

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Server Software Component: Terminal Services DLL

      MITRE ATT&CK T1505.005: persistence by replacing or repointing the DLL loaded by the Terminal Services (TermService) service.

    • Checks computer location settings

      Reads the country code configured in the registry (the system's locale/region settings); likely used as a geofence to avoid running in certain countries.

    • Executes dropped EXE

      Runs an executable that was written to disk earlier in the trace.

    • Loads dropped DLL

      Loads a DLL that was written to disk earlier in the trace.

    • Drops file in System32 directory

      Writes a file under %SystemRoot%\System32, which normally requires administrative rights.
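
As an added illustration (not part of the report and not the sandbox's own signature code), the Python below shows how the dropped-file and Terminal Services DLL behaviours listed above are typically derived from an event trace: file writes are remembered so that later process creations and image loads can be matched against them, writes under System32 are flagged directly, and the Terminal Services DLL sub-technique (ATT&CK T1505.005) is keyed on a write to the TermService ServiceDll registry value. The events, file paths and Sysmon-style event IDs (11 FileCreate, 1 ProcessCreate, 7 ImageLoad, 13 RegistryValueSet) are constructed for the example and do not come from this sample's trace. The "Checks computer location settings" behaviour is deliberately not covered: it is a registry value read, which Sysmon-style logs do not record, so a sandbox detects it from API hooks rather than from this kind of event stream.

```python
"""Correlate Sysmon-style events into sandbox-style behaviour findings.

Example code added to illustrate the report; the events below are
constructed and are not from the analysed sample.
"""

# Constructed trace: a sample drops an EXE and a DLL, runs the EXE, the EXE
# loads the DLL, writes into System32 and repoints the TermService DLL.
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\u\Desktop\sample.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\drop.exe"},
    {"id": 11, "image": r"C:\Users\u\Desktop\sample.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"id": 1, "image": r"C:\Users\u\AppData\Local\Temp\drop.exe",
     "parent": r"C:\Users\u\Desktop\sample.exe"},
    {"id": 7, "image": r"C:\Users\u\AppData\Local\Temp\drop.exe",
     "loaded": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"id": 11, "image": r"C:\Users\u\AppData\Local\Temp\drop.exe",
     "target": r"C:\Windows\System32\svc.dll"},
    {"id": 13, "image": r"C:\Users\u\AppData\Local\Temp\drop.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\TermService"
               r"\Parameters\ServiceDll",
     "details": r"C:\Windows\System32\svc.dll"},
    # Benign noise: a system process loading a DLL that was never dropped.
    {"id": 7, "image": r"C:\Windows\explorer.exe",
     "loaded": r"C:\Windows\System32\shell32.dll"},
]

# Path prefixes/suffixes are compared case-insensitively, as NTFS and the
# registry are case-insensitive.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
# Value that the TermService service loads its DLL from (ATT&CK T1505.005).
TERMSRV_DLL_VALUE = "\\services\\termservice\\parameters\\servicedll"


def triage(events):
    """Return (finding, artefact) pairs in trace order.

    'Dropped' means the path was written earlier in the same trace, so a
    create event must precede the execute/load event to be matched.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev["id"]
        if eid == 11:  # FileCreate
            path = ev["target"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32_PREFIX):
                findings.append(("drops_file_in_system32", ev["target"]))
        elif eid == 1:  # ProcessCreate
            if ev["image"].lower() in dropped:
                findings.append(("executes_dropped_exe", ev["image"]))
        elif eid == 7:  # ImageLoad
            if ev["loaded"].lower() in dropped:
                findings.append(("loads_dropped_dll", ev["loaded"]))
        elif eid == 13:  # RegistryEvent (value set)
            if ev["target"].lower().endswith(TERMSRV_DLL_VALUE):
                findings.append(("terminal_services_dll_T1505.005",
                                 ev.get("details", "")))
    return findings


def finding_names(events):
    """Just the behaviour names, for a quick signature-style summary."""
    return [name for name, _ in triage(events)]


if __name__ == "__main__":
    for name, artefact in triage(SAMPLE_EVENTS):
        print(f"{name}: {artefact}")
```

The correlation is order-dependent on purpose: a process image or loaded DLL only counts as "dropped" if a create event for the same path appeared earlier, which is how a sandbox distinguishes a payload the sample wrote from a pre-existing binary. The benign explorer.exe load in the constructed trace produces no finding for exactly that reason.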

MITRE ATT&CK Enterprise v15

Tasks