General

  • Target

    JaffaCakes118_525600a23d6b55bc740abf7e6df42a17bf7873aef667ad9f35835e1cbf5862af

  • Size

    44KB

  • MD5

    4f11c41c1103266ac8158e616af88cbe

  • SHA1

    02f977e958097e6f402544d3b8c48979a8ff9cdd

  • SHA256

    525600a23d6b55bc740abf7e6df42a17bf7873aef667ad9f35835e1cbf5862af

  • SHA512

    cbc3dacdd4c134a35f699b62ba8f348c907a6b869551ac9c941f45684d200672d731f84b283137e4f9ef84f6fdca06e39d61bad0a0bca6ac8e35c629d432dd16

  • SSDEEP

    768:/fl+nrGv4jsSCe1LYI6cN3l+p0AHnM7/mPrZG96A/6ENTaQY8xoQRL:/t+nljstwYIRcyenM7gU9/6oTaQYXo

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7408

C2

signin.microsoft.com

linolleum.com

linolleum.bar

infomeetc.co

Attributes
  • base_path

    /includes/

  • build

    250196

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • extension

    .img

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_525600a23d6b55bc740abf7e6df42a17bf7873aef667ad9f35835e1cbf5862af
    .dll regsvr32 windows:5 windows x86 arch:x86

    6e9163c62b29a1ccabed40ce8621a95a


    Headers

    Imports

    Exports

    Sections