Overview

overview

10

Static

static

3

eedc6ece43...18.exe

windows7-x64

10

eedc6ece43...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2024 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118.exe

  • Size

    467KB

  • MD5

    eedc6ece437f7a34abf793dc9400ae76

  • SHA1

    2e3e6f6faf8a9661ba46908a903da08a4126044b

  • SHA256

    5cb9d7744b561570a529f2820f392dad98aa52c4dfd9ebe771a6381636fe8cae

  • SHA512

    b3356777df19cabc9070682c3be2fdfbd93cd902136dfe829698fa9fa86cb495fb9732c27c42aa6510bd79ecc449e16ba0758d2727a1a877cbe99bb3c5173e0e

  • SSDEEP

    6144:2DOcDOxAYNKc6oerYWfIZZVxYeOaUowKkxgkEfEUbfxCh0fO/W/cvd5nQH3lFCCs:2OcDOxAQKc4YWKe/7mvCh0CRvdP

Score
10/10
gozi3001bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3001

C2

return901.ru

ferresita.ru

tmp1.super-list.ru

net7.dns9free.ru

new-recv.org.kz
Attributes
  • exe_type

    worker

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2648-0-0x00000000021D0000-0x00000000022E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2648-1-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-4-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-5-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-6-0x00000000021D0000-0x00000000022E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2648-7-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-8-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-9-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2648-12-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download