General

  • Target

    JaffaCakes118_96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e

  • Size

    528KB

  • MD5

    c1bfa8a21ae70987bc088612c951a8d2

  • SHA1

    b7e17762104d7755431d7a2d848fbc23d0969030

  • SHA256

    96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e

  • SHA512

    e533c9b6ddfcf162f57772d8f76ccf0d722569f3c2dccfd4151da91b5588e56ecd05ac6d0ebe2f23fe171d40c3a9f4f9f32439bd3d2183f619af6edb111a05a3

  • SSDEEP

    1536:7c/Wtm8uuUN0eWpPNu7iZEf1IpK7GHFV9:7c/Wtm8uuUN0egPNQi27k

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246

Attributes
  • base_path

    /drew/

  • build

    260226

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_96694324049f8389fb27c0d414f29c8b509ed2142bdb6c945bf6ce5515311a9e
    .dll windows:5 windows x86 arch:x86

    Headers

    Sections