General

  • Target

    85865e048183849b255c92e609a5fa25_JaffaCakes118

  • Size

    137KB

  • Sample

    240810-k2565sxfjh

  • MD5

    85865e048183849b255c92e609a5fa25

  • SHA1

    1b57eb997e7dd89ead0ba07c1df49d7596d9b4e4

  • SHA256

    44e16f5ea1d1278346023d64f752003318b89dde6c4bef2e6391d0a1889fca7d

  • SHA512

    c269089c733139d3723cc40093e9cb827e627052affa6aceb9c92bdec734b282d6b0645011202cb987f14dd2aa7d118556711566abecd3aa345369dd8c64e3fd

  • SSDEEP

    3072:gn/jDWo22LEvQFZFAow6gyLJmD6SIAvsM5aw2:S/jrPO6jJmFDe

Malware Config

Extracted

Family

gozi

Targets

    • Server Software Component: Terminal Services DLL

    • Loads dropped DLL

    • Drops file in System32 directory
