Overview

overview

10

Static

static

3

JaffaCakes...4b.dll

windows7-x64

10

JaffaCakes...4b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6d19504806c10e02479882d0b7ca51648cedb4cb38451ca381096de74c97794b

  • Size

    626KB

  • Sample

    241222-mfzhksvlfr

  • MD5

    5ddc5d5aae63714f1563c32bc0e1bc6e

  • SHA1

    9c5528b3b883c2ef15dc8f9ae448a5a025a723ec

  • SHA256

    6d19504806c10e02479882d0b7ca51648cedb4cb38451ca381096de74c97794b

  • SHA512

    b0e8b07677c2af94d764464d384ab73bcef5fceb5a782bcb32d687c5b1c107735c66572860328d70a8f7dc13c5bbde72b1190c444a9528cc3745f766708a2de6

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zc:+w1lEKOpuYxiwkkgjAN8Zc

Score
10/10
gozi999bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142
Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_6d19504806c10e02479882d0b7ca51648cedb4cb38451ca381096de74c97794b

    • Size

      626KB

    • MD5

      5ddc5d5aae63714f1563c32bc0e1bc6e

    • SHA1

      9c5528b3b883c2ef15dc8f9ae448a5a025a723ec

    • SHA256

      6d19504806c10e02479882d0b7ca51648cedb4cb38451ca381096de74c97794b

    • SHA512

      b0e8b07677c2af94d764464d384ab73bcef5fceb5a782bcb32d687c5b1c107735c66572860328d70a8f7dc13c5bbde72b1190c444a9528cc3745f766708a2de6

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zc:+w1lEKOpuYxiwkkgjAN8Zc

    Score
    10/10
    gozi999bankerdiscoveryisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Gozi family

      gozi

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks