General

  • Target

    JaffaCakes118_01042bcfe616d96a813a5a41dee803867c1ae88d50d39281f950289490140c87

  • Size

    626KB

  • Sample

    241222-dl4vta1lcv

  • MD5

    7994eebe7609425f65ba3f06f8df9d77

  • SHA1

    1d445f8874ead132af49ee9244b96a923851a5f5

  • SHA256

    01042bcfe616d96a813a5a41dee803867c1ae88d50d39281f950289490140c87

  • SHA512

    0be9d7e718553a30e4068848477dda175382b9fd2ad735644df4c4c9f72342db4abe85656c2e110f0e2ea77dd5dde0faae2426277e113e65abcfcbfd49e50844

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZL:+w1lEKOpuYxiwkkgjAN8ZL

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_01042bcfe616d96a813a5a41dee803867c1ae88d50d39281f950289490140c87

    • Size

      626KB

    • MD5

      7994eebe7609425f65ba3f06f8df9d77

    • SHA1

      1d445f8874ead132af49ee9244b96a923851a5f5

    • SHA256

      01042bcfe616d96a813a5a41dee803867c1ae88d50d39281f950289490140c87

    • SHA512

      0be9d7e718553a30e4068848477dda175382b9fd2ad735644df4c4c9f72342db4abe85656c2e110f0e2ea77dd5dde0faae2426277e113e65abcfcbfd49e50844

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZL:+w1lEKOpuYxiwkkgjAN8ZL

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks