Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...9e.dll

windows7-x64

3

JaffaCakes...9e.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e

  • Size

    528KB

  • Sample

    241222-gmw35swrcm

  • MD5

    c1bfa8a21ae70987bc088612c951a8d2

  • SHA1

    b7e17762104d7755431d7a2d848fbc23d0969030

  • SHA256

    96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e

  • SHA512

    e533c9b6ddfcf162f57772d8f76ccf0d722569f3c2dccfd4151da91b5588e56ecd05ac6d0ebe2f23fe171d40c3a9f4f9f32439bd3d2183f619af6edb111a05a3

  • SSDEEP

    1536:7c/Wtm8uuUN0eWpPNu7iZEf1IpK7GHFV9:7c/Wtm8uuUN0egPNQi27k

Score
10/10
gozi3000discoveryisfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246
Attributes
  • base_path

    /drew/

  • build

    260226

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e

    • Size

      528KB

    • MD5

      c1bfa8a21ae70987bc088612c951a8d2

    • SHA1

      b7e17762104d7755431d7a2d848fbc23d0969030

    • SHA256

      96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e

    • SHA512

      e533c9b6ddfcf162f57772d8f76ccf0d722569f3c2dccfd4151da91b5588e56ecd05ac6d0ebe2f23fe171d40c3a9f4f9f32439bd3d2183f619af6edb111a05a3

    • SSDEEP

      1536:7c/Wtm8uuUN0eWpPNu7iZEf1IpK7GHFV9:7c/Wtm8uuUN0egPNQi27k

    Score
    3/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks