General

  • Target

    94e0e16592795ed3bc3a276710711384_JaffaCakes118

  • Size

    200KB

  • Sample

    240813-1rdxxaserr

  • MD5

    94e0e16592795ed3bc3a276710711384

  • SHA1

    bb3aea39464fb0762d47fe8b479c74b447889761

  • SHA256

    88e078a07a8fd47f46bd1eea28cd80182c87d3bf3fa6119baafaaa554f719f74

  • SHA512

    6d77006e22866990ac5ef5a296ec3d20aadce5fa85eb00aece9e7bb8ccb044411a810d77a3bfd2d333fe4ebd1617539334dd5ff05f08eb5f8a6737b56517dce4

  • SSDEEP

    6144:317R4t23DRTWWdMpLruRv+F5MsFfaHGGbyvM:T+cDRCWdM9SRveFfa5yvM

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks