Overview

overview

10

Static

static

3

edad0b5056...18.exe

windows7-x64

10

edad0b5056...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    96s
  • max time network
    101s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2024, 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edad0b50560549b2c7a751ebfe241c9a_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    edad0b50560549b2c7a751ebfe241c9a

  • SHA1

    0e2e1580f56616cfaeb98d7d5f8d4f8ba5d211d6

  • SHA256

    67efbd000e4b8105d7c69c942e158277c4b198bfefbab49d49835f49304e1967

  • SHA512

    dd2e455f45619b19491d9db20b91644b2f745cae84878bf26a43f054b4dbee16d1e65907cd02297a771d71a84213df7b357c2e78e25215767f109c52f5988537

  • SSDEEP

    6144:iVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:iVfjDmtW/adCC4/UIsBhN/5

Score
10/10
gozi3151bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com
Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edad0b50560549b2c7a751ebfe241c9a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\edad0b50560549b2c7a751ebfe241c9a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1756
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    673b8e441df10291c80686d0979bd7e0

    SHA1

    f2798da70bd247d6b18d8015cb4510ebce3b2360

    SHA256

    64bd7857367a41cfcbde7ec00c8d9ae9ebb052d6231a30a4ffa224d2791e214b

    SHA512

    1910c37de5805dcf81f68331e7811bed31d9b595b07966462813f9173d1595498b8849a1e236108f6f05876aa0b69cace4bfda16b094567f986c842ff9958547

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1676ac7efdbad6f64e4151086fa5f262

    SHA1

    7c308227fbe46717bb73decab1d3c2081180e96e

    SHA256

    a7a202334fa508bd7727056932e9792f6f4fa502ae90d54bc16c4fe460e23b40

    SHA512

    a629fcf4d44be5c27f110675fdb85e3954feddc49b80b0a2a9a868d5fa928cb9fb018c1b2c7b327b42dc23c6091294c8ecaa613292004ea1bb86313468e93360

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9adc75d623f7af614a5e1aabf650b115

    SHA1

    c8c3a73f9040f318e13a9c5c290f8d01faa6d601

    SHA256

    6e472192293b561c1daffef9e8abc78cbdd76d19ae494fedea11397a8fd6232e

    SHA512

    78636e9741792d63b91c68fbb316e8863b84063ee553832f9dafa444303522aa42deb10a93f27d36163d74817ed029aabb619a8eb532b42d401838d98137c7f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbbd7b6ae286b3ee9028e8664254d0d6

    SHA1

    c11d78cd7cdf1f943b66d2d803b25cdb88425b15

    SHA256

    cb11ae6e634e873936beee2f96287bfe1de222ff9cb0b654db5fb1f1d7a4fd1a

    SHA512

    195ae18e0a3b74acd37c57865ea33e834ec1a3bb7c5042516fc9eac89af8dd76903fa9c860366e940ce8fea2a1cdf9f2b2d734ecf590b16e035621c53b5281f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c1d276330fce5d2c49fe5b7ece75a8f

    SHA1

    c57b58d9aad45b099d4dd28604a634374d5103b9

    SHA256

    d413832570946ead82ae9462c93a8759fc0fc51f30c35c40baa25a18dc9cdb4f

    SHA512

    ed7211a7cdcfc9208555ec174150b5d84c6ae9a7fe6f95985fdd0ba0d058199194c274bc021a2d8785e15c36bea1bc64514537826a021981b5a04c7f4536ef58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    924ce8314c0fb8e4936b75ea68c31b68

    SHA1

    5a7d58a827c0095c8a43611121e58ffde3a79c19

    SHA256

    1d9b78fafcc3596148440c02510b93c7e4da71449c006d7bd4f5543901a1d424

    SHA512

    ad780361d409c0a4ebab81e6d1bf0ad8718de02362631efa77e0d0bdf3ae7ac2489ff240613bafd0fff6c786b9ec37d423701410ad9cf214223b8bd5846f8c92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e629d2f3b1c6d745b19138e597f503

    SHA1

    81b42d339b3feba7291996f945ce17b832e780ac

    SHA256

    c286de455ded7b9175527af4397940d85d1108ab1bbd3a127f7ab6cfe1927e15

    SHA512

    80a1e27cfacc0050bc83464ef1b86ae2e184e2c21dc98f0cd6bc0baa4525b602423cad036924e47567bc1654c050db40f5c4e8d257a855e288dd9e04db874306

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2225ec7451d231d2ee4f4a3e1528085

    SHA1

    cb6d2aa07d63eeb9570ac83d4675633dd7112bc1

    SHA256

    992b6ca6263a061ea588b3adf85d77d6f23db66c78210a70a55a221f5c84af85

    SHA512

    e5847680693e2ff7ad00fd94e133d3cabb230bbd9307eea9802dea5d8c2d9184b73dca89f572a46f3a15349087fa44d8fff5a151448421aad5ad57b299e4a16e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67d5f36c91c99c4c4a8896b2c38c40e5

    SHA1

    ac37d7fa0ef1f7f4402f6cf1da399ee03be41cbc

    SHA256

    352d4f5f6ee5e98c6ba82c7f0eca7eeab1a2b81ba4d9aab801b20a018ddb94d3

    SHA512

    f699e9fb2800c8ae97ee372ed0cc0e7af99cd78edcde0abcc2b8f34d86edc747f7ff2a4bdd718744ede5dfd1da8abb6c94ef25fa6042dd40446852983edffb28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbe8ac3c2442eb7125b5d9c312560917

    SHA1

    2a7168ded995542a0d4145e5062a7b6942d2edd0

    SHA256

    592da4972ee37f7a322a4e01d6b306e0b31401913681c471da7e2cc753814efc

    SHA512

    4a2b52e6bcd3a310eb3518d08bd1ade4ec80ea0584a2269eb27fd358120e6af07290397bb150d74cf38ef4672138390d44f7debc6127e3d95969837e961379ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82daebf7ad48c0693475e085ad919fd0

    SHA1

    a92a35f868fdf34fd00c7525a0cb28138937b8f3

    SHA256

    f576f8f256d8015664a53bf79ebc7f8c7e263595e989753c275ca00fd97f60c4

    SHA512

    f44b87b582e89183ea1153bbd3a8d62c7a89adf00f16ab6ae0d1f0a8350a2d7b4f715009bd5ae254d3699397844e1419cd3efa95c6ad84009c41d39ff4e2571f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ef4e0142651bdcf9a465a2c57a6426e

    SHA1

    d8f95035db6a869b53976cb0ca30226bf9dc5d99

    SHA256

    07db07b57648af9e901e44f3c41d659209d4ba17aee6410a35862a524eaccdf5

    SHA512

    9cb708bd7297d402bca0c060ceccd05c14b2de6f81cf37d4aa42206d5c3be86e6c68ff1eabba672964e44beb6c847824d43988797ba5cac20387d961763103a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca6f152f95c911b07f967b9f86503439

    SHA1

    a3576874a3be4486ed1dd96dac64bbadfdbdfade

    SHA256

    8be018e373bea285179b81e6a3ea5c29022a5a2dc688977423101a1aeeab9edd

    SHA512

    1d35aa7a16cd20c82e33a1a46f30288780bc8825f04bb403221407649beecb17ceed941b7451983c1abe553036eabb203c77962087288b609c975c8b9a3b4155

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad4c025b356a72563041b139500b9840

    SHA1

    dcede855a02b4785a65ff2401ddb7806dc74ada2

    SHA256

    badd361090a916b825945db9e894700bc5b4db6b04e0c44d94344cb8fa7cb5db

    SHA512

    bb71e7e3d99bf247d75c427eb39c3827f17614621e2e90038be78b4e512c442cf0c070a1195b3a7a450d132ebaabdcc0538dc2a9bcee7e76b86ba8a1167709e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27a539e112384c93c2a90de24f0369be

    SHA1

    3bdb9b731a24ea7e38254637d44433b74a2d1d2a

    SHA256

    624749854a86d72f02b5f6047fb580237958146f9f3cf61bc8e7d836c302b83c

    SHA512

    435600de6b2a4634403f27097022d8c6a590311e2842890d8b4b8953127a6a68fd5f3325c6c7f36d62dd0c43dba486e0b1ec0615da06a5f8d14d3c34bd989f8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9d884df4ab164ff5f666217ae1fe652

    SHA1

    21a789fc18589bd3ae58e54052d6cbe930e531a4

    SHA256

    db4adc22b53226e49e0ecfee55edbbb6de0a6a0c735c523ac3bec809c0691a1c

    SHA512

    ec0d34564ecb2e0583a6bb6f31a81535104969bbd06be630f701b427e1446a4c34e8a1078dab9a85b144ad832bebf3a37fdc0f84d273cb0f1ebea08b7efe1c2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de3435457a2b7a448ee5a8e27a80dc5f

    SHA1

    11bbdacad06c2a3eca9b029a807676d8197042b4

    SHA256

    205f50845b382d8a0ccaf3d07a469a695504172c51894f6996750509d8d78ae7

    SHA512

    ae2cb02dbbc2b2df5cea0ed0a34983b22ce00f7f57dbe744da6fd5b66dcee856c234f02eb783df6b914210613f5d1a2b00b158a3950007795e87431bdfd57dd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2496b5ac439c5eab242f95268e09b22

    SHA1

    2447e547a43b9be482ab11fa3bd922bf6afd5feb

    SHA256

    f38ffa63884acd26ed0677d75dc79dd95aa2a92da3b280595c44d0f5aae51904

    SHA512

    58ce01a0862641d2ba29112a7404d36b634b5ecfb811db886698a9d5c96e45f7e85e1fb854e16b8084d31513452cb1e5b65a5aacd37559012f2465c03b8a968f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9A20.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9AFF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1756-7-0x0000000000540000-0x0000000000542000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1756-0-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1756-1-0x00000000008B0000-0x0000000000903000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1756-2-0x00000000003E0000-0x00000000003FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1756-6-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download