Overview

overview

10

Static

static

3

f5d06684a2...18.exe

windows7-x64

10

f5d06684a2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5d06684a267de443e1c560507a1240b_JaffaCakes118

  • Size

    265KB

  • Sample

    240925-mlwzmsteqe

  • MD5

    f5d06684a267de443e1c560507a1240b

  • SHA1

    ea0c667285b9da46cc39096572c09af3ec42d2e0

  • SHA256

    625194578494f0e24da88a95014a7b00f941ae04b04e109dbb223cec2bfb0d2c

  • SHA512

    9f55a222a39e403a42f409baee261b6413c6b77e0fe01ca81785b777832d0c282a69ae0230c21aac3c28db34dec6c1b7f8ccfb888d40362fee37441231deecad

  • SSDEEP

    3072:4OUqH7tRFNhHm/4FBVlhmhvXsk/GYtnkAtc3MmJNz7YaoXryNnv0uLT+K/5XK3mL:/7t9hpHlIt/GYiJV7Yaq2nvNLT7/I3m

Score
10/10
gozi3170bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    217161

Extracted

Family

gozi

Botnet

3170

C2

oozoniteco.com

cetalischi.com

duvensteut.com
Attributes
  • build

    217161

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      f5d06684a267de443e1c560507a1240b_JaffaCakes118

    • Size

      265KB

    • MD5

      f5d06684a267de443e1c560507a1240b

    • SHA1

      ea0c667285b9da46cc39096572c09af3ec42d2e0

    • SHA256

      625194578494f0e24da88a95014a7b00f941ae04b04e109dbb223cec2bfb0d2c

    • SHA512

      9f55a222a39e403a42f409baee261b6413c6b77e0fe01ca81785b777832d0c282a69ae0230c21aac3c28db34dec6c1b7f8ccfb888d40362fee37441231deecad

    • SSDEEP

      3072:4OUqH7tRFNhHm/4FBVlhmhvXsk/GYtnkAtc3MmJNz7YaoXryNnv0uLT+K/5XK3mL:/7t9hpHlIt/GYiJV7Yaq2nvNLT7/I3m

    Score
    10/10
    gozi3170bankerdiscoveryisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks