General

  • Target

    JaffaCakes118_6388c003e1d7498ab4667d7ff00223072a0617d0f44b1aa76427b896f8ebcf75

  • Size

    625KB

  • Sample

    241222-b9w4rsymfq

  • MD5

    7401c7b9259d8872f9b09ad94ff8397f

  • SHA1

    c2bb46c88aaf8c1f31b43c2b2791ae8c67c950ce

  • SHA256

    6388c003e1d7498ab4667d7ff00223072a0617d0f44b1aa76427b896f8ebcf75

  • SHA512

    71dae567ad620fdb4b1ec4ff3d17915a0e0dedc9c46155edd00853d60c901dea5385af6906ed78bcf90b3e2ecd1dcb0cf3b55f5b12af8b5385c412f8570c8d25

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zh:+w1lEKOpuYxiwkkgjAN8Zh

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
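The extracted config above is the useful part of this report for detection: the C2 hosts, the `base_path` and the request `extension` together describe what this build's beaconing looks like on the wire. One caveat a practitioner should apply is that `config.edge.skype.com` is a legitimate Microsoft domain; Gozi/ISFB configs routinely carry such a domain as a connectivity check, so it should not be blocked or alerted on by itself. The script below is an added example written for this page, not code from the sandbox or the report; the proxy log lines and their format are constructed for illustration, and the set of hosts treated as connectivity checks is an assumption rather than something the report states.

```python
import re
from urllib.parse import urlparse

# Config values as extracted on this report page.
GOZI_CONFIG = {
    "family": "gozi",
    "botnet": "999",
    "build": "250227",
    "server_id": "50",
    "base_path": "/phpadmin/",
    "extension": ".src",
    "c2": ["config.edge.skype.com", "146.70.35.138", "146.70.35.142"],
}

# Assumption: legitimate domains that Gozi/ISFB configs carry as connectivity
# checks. Matching on these alone would flag ordinary Skype/Teams traffic.
BENIGN_CONNECTIVITY_CHECKS = {"config.edge.skype.com"}

# Constructed proxy log: "<ts> <src-ip> <method> <url> <status>" per line.
SAMPLE_PROXY_LOG = """\
2024-12-22T01:02:03Z 10.0.0.15 GET http://config.edge.skype.com/config/v1/Skype/908_1.0.0.0 200
2024-12-22T01:02:05Z 10.0.0.15 GET http://146.70.35.138/phpadmin/images/Kx2hQ/qwe.src 200
2024-12-22T01:02:07Z 10.0.0.15 POST http://146.70.35.142/phpadmin/upload.src 200
2024-12-22T01:02:09Z 10.0.0.22 GET http://example.com/index.html 200
2024-12-22T01:02:11Z 10.0.0.15 GET http://146.70.35.138/robots.txt 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_indicators(config):
    """C2 hosts worth blocking: the config's C2 list minus known-benign checks."""
    return set(config["c2"]) - BENIGN_CONNECTIVITY_CHECKS


def classify_request(config, url):
    """Return 'c2', 'c2-host', 'connectivity-check' or None for one URL.

    'c2' means host, base_path and extension all match the extracted config;
    'c2-host' means only the host matched (still worth a look, lower confidence).
    """
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if host in BENIGN_CONNECTIVITY_CHECKS:
        return "connectivity-check"
    if host not in c2_indicators(config):
        return None
    path = parsed.path
    if path.startswith(config["base_path"]) and path.endswith(config["extension"]):
        return "c2"
    return "c2-host"


def scan_proxy_log(config, text):
    """Run classify_request over every parsable log line; keep the hits."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        verdict = classify_request(config, m["url"])
        if verdict is not None:
            hits.append((m["src"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    print("Block these hosts:", sorted(c2_indicators(GOZI_CONFIG)))
    for src, url, verdict in scan_proxy_log(GOZI_CONFIG, SAMPLE_PROXY_LOG):
        print(f"{verdict:18} {src:12} {url}")
```

The three-way verdict matters when the indicators are pushed to a SIEM: a full `c2` match on host plus `/phpadmin/` plus `.src` is high confidence, a bare host match on a shared IP is not, and the Skype domain is logged only so an analyst can see the implant's connectivity check preceding the real beacon.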

Targets

    • Target

      JaffaCakes118_6388c003e1d7498ab4667d7ff00223072a0617d0f44b1aa76427b896f8ebcf75

    • Size

      625KB

    • MD5

      7401c7b9259d8872f9b09ad94ff8397f

    • SHA1

      c2bb46c88aaf8c1f31b43c2b2791ae8c67c950ce

    • SHA256

      6388c003e1d7498ab4667d7ff00223072a0617d0f44b1aa76427b896f8ebcf75

    • SHA512

      71dae567ad620fdb4b1ec4ff3d17915a0e0dedc9c46155edd00853d60c901dea5385af6906ed78bcf90b3e2ecd1dcb0cf3b55f5b12af8b5385c412f8570c8d25

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zh:+w1lEKOpuYxiwkkgjAN8Zh

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; this sample is a loader build (exe_type: loader) that fetches further stages from its C2.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks