General

  • Target

    8a77c85863b761ba90af4b78d3d01ceb_JaffaCakes118

  • Size

    213KB

  • Sample

    240811-qbybhavejf

  • MD5

    8a77c85863b761ba90af4b78d3d01ceb

  • SHA1

    bea36e75b477db2544d14b093e4f60847a9df2da

  • SHA256

    ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c

  • SHA512

    6bbb553a8005b58ef1e91addb8c557f5f5e23d495f8fbcfc1982f26ae385a9f870272b3fe77ac86c268300db758cab903882791d5730d4d2828902cc4213a248

  • SSDEEP

    6144:1E5vHmxMZDXsJkPDwnO6Bc9kQnQwI2Hsygb:1CGyZbkeDwnO6i9rQl2l

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2200

C2

api10.laptok.at/api1

Attributes
  • build

    250155

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    730

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      8a77c85863b761ba90af4b78d3d01ceb_JaffaCakes118

    • Size

      213KB

    • MD5

      8a77c85863b761ba90af4b78d3d01ceb

    • SHA1

      bea36e75b477db2544d14b093e4f60847a9df2da

    • SHA256

      ed7d22c2f922df466fda6914eb8b93cc27c81f16a60b7aa7eac9ca033014c22c

    • SHA512

      6bbb553a8005b58ef1e91addb8c557f5f5e23d495f8fbcfc1982f26ae385a9f870272b3fe77ac86c268300db758cab903882791d5730d4d2828902cc4213a248

    • SSDEEP

      6144:1E5vHmxMZDXsJkPDwnO6Bc9kQnQwI2Hsygb:1CGyZbkeDwnO6i9rQl2l

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks