Overview

overview

10

Static

static

3

eedc6ece43...18.exe

windows7-x64

10

eedc6ece43...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-12-2024 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118.exe

  • Size

    467KB

  • MD5

    eedc6ece437f7a34abf793dc9400ae76

  • SHA1

    2e3e6f6faf8a9661ba46908a903da08a4126044b

  • SHA256

    5cb9d7744b561570a529f2820f392dad98aa52c4dfd9ebe771a6381636fe8cae

  • SHA512

    b3356777df19cabc9070682c3be2fdfbd93cd902136dfe829698fa9fa86cb495fb9732c27c42aa6510bd79ecc449e16ba0758d2727a1a877cbe99bb3c5173e0e

  • SSDEEP

    6144:2DOcDOxAYNKc6oerYWfIZZVxYeOaUowKkxgkEfEUbfxCh0fO/W/cvd5nQH3lFCCs:2OcDOxAQKc4YWKe/7mvCh0CRvdP

Score
10/10
gozi3001bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3001

C2

return901.ru

ferresita.ru

tmp1.super-list.ru

net7.dns9free.ru

new-recv.org.kz
Attributes
  • exe_type

    worker

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • Gozi family
    gozi
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4884-0-0x0000000002600000-0x0000000002710000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4884-1-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-2-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-3-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-4-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-5-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-6-0x0000000002600000-0x0000000002710000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4884-7-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-8-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-9-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-10-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4884-12-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4884-14-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download