General

  • Target

    JaffaCakes118_6ca809f6d8f61a99f4717e8f934c90ba419dc4b1e5db7ccedc5b24741972133f

  • Size

    626KB

  • Sample

    241221-3r1g1svker

  • MD5

    2dde17bd6194390875bf27af7a4b125d

  • SHA1

    fd8b1eed36b078cda5eaed254bc8a04708709447

  • SHA256

    6ca809f6d8f61a99f4717e8f934c90ba419dc4b1e5db7ccedc5b24741972133f

  • SHA512

    8ab1be245849ed9320e4e200a716f56e6d590200662bd1cbf375cf1fb88c9206ddcfcdba86d1ea1eab0b5b3a06215c27dbe9ca955be5c0deef25b754bad16eef

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZV:+w1lEKOpuYxiwkkgjAN8ZV

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_6ca809f6d8f61a99f4717e8f934c90ba419dc4b1e5db7ccedc5b24741972133f

    • Size

      626KB

    • MD5

      2dde17bd6194390875bf27af7a4b125d

    • SHA1

      fd8b1eed36b078cda5eaed254bc8a04708709447

    • SHA256

      6ca809f6d8f61a99f4717e8f934c90ba419dc4b1e5db7ccedc5b24741972133f

    • SHA512

      8ab1be245849ed9320e4e200a716f56e6d590200662bd1cbf375cf1fb88c9206ddcfcdba86d1ea1eab0b5b3a06215c27dbe9ca955be5c0deef25b754bad16eef

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZV:+w1lEKOpuYxiwkkgjAN8ZV

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks