General

  • Target

    83429db9cc63196bf42c691cc09b7b84_JaffaCakes118

  • Size

    106KB

  • Sample

    240802-gjhrcatfnf

  • MD5

    83429db9cc63196bf42c691cc09b7b84

  • SHA1

    0a9e8ca0be532856ed81078d729bbbcf049abcf6

  • SHA256

    238a9d0abc415debaf88fd30df6e92db4f82495eb27736bf0b3a008cbe71a166

  • SHA512

    832f3336abc92bfb22fc75d3992d44dfd2a31b1468497e79920737c401122453885357eb44eb797cc2c0805d88bec2060a310bff79f316008d365f0408311fe1

  • SSDEEP

    1536:9gResSzjBEY7AmycmyTOOiq7NPsS5A9M3jj+kEPDKgf:G3S/CY7GQT9iqx0XYg7/

Malware Config

Extracted

Family

gozi

Targets

    • Target

      83429db9cc63196bf42c691cc09b7b84_JaffaCakes118

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks