General

  • Target: f440fa474cd9b56eabcaec533575534c_JaffaCakes118
  • Size: 784KB
  • Sample: 240924-w4r8vaxhrq
  • MD5: f440fa474cd9b56eabcaec533575534c
  • SHA1: e2b186cc7a5aabb2e6f57cc4ce870d051c68c2ff
  • SHA256: ffab60c984ea7cb26874a93eda9fa5d9af376465e5a5b54770a511b377e55cb9
  • SHA512: 949ba35475709f5ca2fa2b4cb2e3df43e62ed16c3641949f5092fdf3c24b754d619dfd864bc2f2555e1c19069aba18ebb0e05d6b6a6af1c217c2e10f472655e0
  • SSDEEP: 12288:oDYGqPDIHSAUoE6G5l0ogbUaUQiydcgoG4YLlcHYK3L9jIq:Y/qrIHuP1l8UQiWcSlctFF

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 1000
  • C2
    • polinodara.com
    • minotaris.com
  • Attributes
    • exe_type: worker
    • server_id: 12
    • rsa_pubkey.plain
    • serpent.plain

Targets


    • Gozi: Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks