Overview

overview

10

Static

static

10

JaffaCakes...20.dll

windows7-x64

3

JaffaCakes...20.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20

  • Size

    528KB

  • MD5

    535aa4829807f334644c0c004b915317

  • SHA1

    39613fb1c266a68c3c6c8919b1790b11e81f3e25

  • SHA256

    46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20

  • SHA512

    64696f7aa7f5e33dcabd664e2f3e68c63b93013c0dd76a1c5d46560e9f7b4e4ab48400dc071da24adfb72f3fc4aac045e87390e7d2799b2fcbb72d7568cdc9fe

  • SSDEEP

    1536:qzA3IdWuuUN0eWpPNu7iZEf1IpK7GHFV9:qzA3IdWuuUN0egPNQi27k

Score
10/10
isfb3000gozi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246
Attributes
  • base_path

    /drew/

  • build

    260226

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
    gozi
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_46e35620df547e528029f67e60ee1b3f7263d7f8a20141cf040e13cc7c465f20
    .dll windows:5 windows x86 arch:x86


    Headers

    Sections