Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    23-09-2024 17:00

General

  • Target

    f2b8919e6b5c1eccd3e0f8d33e244971_JaffaCakes118.exe

  • Size

    269KB

  • MD5

    f2b8919e6b5c1eccd3e0f8d33e244971

  • SHA1

    a53f5ce03252c9ae946774fdf508752141e512d0

  • SHA256

    8d539adc3ed28c1eafffb0f31301a87e5a8b0747e921f4fc8ec8b94e021b7c48

  • SHA512

    c019c5de63de23c01400fed866ce76260fdd16a53b7e570631fff11385245be0d6389bce5a749d4a956b417dd07f3bcc57943ac5a1985493004a38179f7870dc

  • SSDEEP

    6144:QVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:QVfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2b8919e6b5c1eccd3e0f8d33e244971_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f2b8919e6b5c1eccd3e0f8d33e244971_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1984
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2712

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    59e5bc6f99f9c7ddda96a16b5b88546d

    SHA1

    e5e77a1b0672c1ffe6cb88a1f50a39ddf354f8aa

    SHA256

    5f90a68ec63ae549d4f715463c39191be3798a8337b0418427613c749f2147e3

    SHA512

    5e94f967b38261dfbed46f30a1edd41b7ba6fa4ec3ec00260768e97cfe6c0db8a41f7926dbf5fe7b78d335e2117c7d7cf102884354b5456a9c30f23973c15deb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8155abdf09f488b71deed9e0ec719708

    SHA1

    ea4a1519cc88fd63077832a6dd0333d8330ac531

    SHA256

    d2ad855a01dc3409e17b6023dba4ab8cd0c3ba78daf427324a57c9dc82d7daf5

    SHA512

    1b2b4cf4386f11572de56936ed257b6851ed50083270558a5598181870873f7465684ec5ba5d54202eec92fffbc0b6b9e305d418a2017ebd3f1d4fc587835633

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    536737b9676e276f50babed6cc197043

    SHA1

    25b10a4426eda40f822852a8424cd0ba8f4f0ccd

    SHA256

    c3cfd3f74a15dc3e70ed98053eee746b0827e3244c5376eee97695cc9e3d5cee

    SHA512

    7bedb0c5f04873af0401f41295755689212240ae7b83f3d3f082f8b041977f3359edd431364694c4649133bba96aa6b7242cef7287ff1dcfa0f0323434047069

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    497fce157d802e3f6a09bf107d74401b

    SHA1

    d50cbc882586ec4cea6c96a46660c9b333ad815f

    SHA256

    08ac9d0506c552b3968423002323660f53d92f7381cd8cf2f2048279af98c4a9

    SHA512

    baa98786b8d9d27ac2d24c69cfdecbb58f3a1f96173a2c02ead23c4e21ea7347687751aac08611e7dc409d2e5123ef7a0059d38f9c784ec15bbf046492139f5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    397b0da1d7959f1e1c8f3c1627702c62

    SHA1

    4cf97df0c737d898e5a83c6d81f00ed8d0d13b43

    SHA256

    224561df20b7f80ecb72b4941e1134b75b48b09d3e869cc9b12bd298854d6e27

    SHA512

    75066670aec1d7dd3265af065b6554a874d847ab54219d0f223e547d0fa556e09ec8cd0aefbc0f416877110f1e94b4cb83d76166c3cb6590bdb4ce9a79815b84

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3cf91b52e06844618c80f68064d7fd5d

    SHA1

    ae0c5fc74907a3dfda25c09d558944c77c4b522b

    SHA256

    3394a845623bb0bcb7b37fba6fe534b5aeb4c56352081712442eecb23d6578b0

    SHA512

    32680e001e1068c40cb38f088a7277d623aea99e2cd14edc2ef8eb99e58950aea9d7e1e0c8aa520d51122011a4e5dfc8777e7b37dc4feed0c96d5e4deac352a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dad1b9d2d7e629398d74a3bcf0676fc6

    SHA1

    0e25511f346fd4c564eea2753f41466b8823c21e

    SHA256

    7feab4066acc036e16d97fd85e55017ef52820942379b839f15c14cbcf2bf88c

    SHA512

    7157e1b2cd7f1fcfd4e6417353eab755c2157424dd1be88571e6dbb18df415118182df146c7a05a66492a174adc42269628d24ddb28848aacacda192201ddfa9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3bbc982757df64799361553705118b2

    SHA1

    178c58bc4a7799be6d72a68b2f28bc287bc6f378

    SHA256

    10d9a6db7ae3a7026df949a5e69eba302b52b6ae22b36c65274c232e4c68cc03

    SHA512

    6fc8fbfe8880e47bc1c9dc309dccdebe2987c342b6c49061422b0f660b3dceaf62a67e298c4ee96b93874c8082ee83df3f4b6530a0cb7de0a4fcef4469966e59

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    22696b7a49f9ecb1caf5dd490e86e8c6

    SHA1

    7c05d92457fd0ced0f0fa272649585dde9b79c44

    SHA256

    9a9485858dba02e2db7584c1c7c75b38234e0d9d80c06d10830ac9652039f6e8

    SHA512

    f114ce3410b98ffc7993b3997fd5b413a1c07b7b1b76c77f2a45661250205a45f183ede993350237a280ed5a6c6f65ed83f180081074f17ff0aba81550a9d73b

  • C:\Users\Admin\AppData\Local\Temp\Cab4B5.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar516.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1984-7-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

  • memory/1984-6-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

  • memory/1984-2-0x0000000000120000-0x000000000013B000-memory.dmp

    Filesize

    108KB

  • memory/1984-1-0x0000000000AF0000-0x0000000000B43000-memory.dmp

    Filesize

    332KB

  • memory/1984-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB