General

  • Target

    JaffaCakes118_5d3b10b1fcdb32dea714014a816846d270e38e1ce3082f0f0973b02d30d2b27f

  • Size

    626KB

  • Sample

    241222-p12jsayraq

  • MD5

    0b41075868ceadca9bd29d8565704bf0

  • SHA1

    aaa79c50e4d4d7eac5e2e7aaa44268622b926423

  • SHA256

    5d3b10b1fcdb32dea714014a816846d270e38e1ce3082f0f0973b02d30d2b27f

  • SHA512

    3ce8a6ce453b0b7971272f2f6777c62cf63adb729e328f77096e572bb4d33f575a8e3a83877c352edf43f89703450e0d71a25a490dc997ea4ba78c0729fd9fa6

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zf:+w1lEKOpuYxiwkkgjAN8Zf

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_5d3b10b1fcdb32dea714014a816846d270e38e1ce3082f0f0973b02d30d2b27f

    • Size

      626KB

    • MD5

      0b41075868ceadca9bd29d8565704bf0

    • SHA1

      aaa79c50e4d4d7eac5e2e7aaa44268622b926423

    • SHA256

      5d3b10b1fcdb32dea714014a816846d270e38e1ce3082f0f0973b02d30d2b27f

    • SHA512

      3ce8a6ce453b0b7971272f2f6777c62cf63adb729e328f77096e572bb4d33f575a8e3a83877c352edf43f89703450e0d71a25a490dc997ea4ba78c0729fd9fa6

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zf:+w1lEKOpuYxiwkkgjAN8Zf

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks