General

  • Target

    80e1ef9adcc97e2e1bf01accc292a50e_JaffaCakes118

  • Size

    130KB

  • Sample

    240801-r36bvsvhlj

  • MD5

    80e1ef9adcc97e2e1bf01accc292a50e

  • SHA1

    0e411e16287b4d62c3014f39f926114b9fd87c46

  • SHA256

    33e02789dd92d4e19e4279a17f156147747f71aaf9918b3ace2bfc68b9d5b9b7

  • SHA512

    aa916eb5d9e939ba23e889fb27038b97d5fd2deceffc8ee192be382869f045abc52a8ab1a2eea9da6f1dafb96c9643d2d55e8f69b0e20d687515f99958a171cf

  • SSDEEP

    3072:8ixnpbFYNySLIy4raSr/G87HlY9o/bIcyiZDk95c8mxc:8ynpbSMFb/0o/bIctA9jmx

Malware Config

Extracted

Family

gozi

Botnet

7223

C2

porp53334.yahoo.com

web.cindycrawfordgroup.com

Attributes

  • build

    250154

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

  • rsa_pubkey.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks