General

  • Target

    89bfd463ca76b62c61a548778316567d_JaffaCakes118

  • Size

    452KB

  • Sample

    240811-kvbzqasgnm

  • MD5

    89bfd463ca76b62c61a548778316567d

  • SHA1

    c177b6298e37b6f541d748b7e988de5d2b2c95e1

  • SHA256

    c37a1e21303ca855cf27e61c4011405bc5d21d7ce6b9b5d84210374f2b186faf

  • SHA512

    48daf33aa5b6c1bc08591e9145600a8054090c1abbfea5c5bea9d8527de99da8f9f5bff398aee7c3ad299cb59e64de6f60025fde7450ba8a0b3280994663498e

  • SSDEEP

    6144:5btQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:5mmCVRtPvq2+d/

Malware Config

Extracted

Family

gozi

Targets

    • Target

      89bfd463ca76b62c61a548778316567d_JaffaCakes118

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks