General

  • Target

    7f6b5ac84cc94d81a7f7ca2dfe078f66_JaffaCakes118

  • Size

    667KB

  • Sample

    240801-grhfjsvhrp

  • MD5

    7f6b5ac84cc94d81a7f7ca2dfe078f66

  • SHA1

    80fb55808a563cec68d4f5b565dec7943aae85e9

  • SHA256

    48715d5a940ee89fefba1cb8dbfafdcfed3c9258073c511770ff9324b69c5750

  • SHA512

    c729a355c2e93b8a0e775d141fbaa2257e7e394fb7fc381a3ddfa2803f09cc035bf3130c263da5bf7d6ea22ca881a689054e7d59a73db7c05036bfa2d48b6692

  • SSDEEP

    12288:uxsbzgQj68qJ7ce4/wrI8U8Bl2HHE7lxauBswgavoSpW2JY:oOzgPloebrISvQMh6wjTW4

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks