Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
15-12-2024 11:45
Static task
static1
Behavioral task
behavioral1
Sample
f3d8f2cf1d8faf3bf57fa4fb53f28140_JaffaCakes118.exe
Resource
win7-20241010-en
General
-
Target
f3d8f2cf1d8faf3bf57fa4fb53f28140_JaffaCakes118.exe
-
Size
228KB
-
MD5
f3d8f2cf1d8faf3bf57fa4fb53f28140
-
SHA1
00490312cd86766657bb413e66deb81144ed3a96
-
SHA256
b53e33675de30f4bf86518bc21c104bc88ee97025b3a47d8c697b0539e50cd34
-
SHA512
c14c5149fd7daaf0987a829bd3157e5ad5e70c746fa67347393cbb0bc92e74ddcfba1ed435edaa01b4bc54ccdac84338ab46d34ceb551401026b6254ebb79b50
-
SSDEEP
3072:hC0fyjm4tt4JVJrwfv1hdjZhsfYy3tXwpY1GMOJd4t1p+srU3qH4VdW2Ujuy/zSz:FydttkVJrqxLAwVMO+v+sSEdK
Malware Config
Extracted
gozi
Extracted
gozi
1000
rababyici.com
vurufvapu.com
nighibnos.com
-
exe_type
worker
-
server_id
12
Signatures
-
Gozi family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description
Key opened
ioc
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process
f3d8f2cf1d8faf3bf57fa4fb53f28140_JaffaCakes118.exe