Overview

overview

10

Static

static

3

JaffaCakes...82.dll

windows7-x64

10

JaffaCakes...82.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_70c85dac35700151c8aff10ce8dcff93257e709111f1e23cdb849f7bf2976a82

  • Size

    624KB

  • Sample

    241223-zrjygs1mel

  • MD5

    cd1f33f249a7e319a4fe158d2c72e29b

  • SHA1

    0ae37f4dd72693fffaa46296eb1e6fd4a636c17d

  • SHA256

    70c85dac35700151c8aff10ce8dcff93257e709111f1e23cdb849f7bf2976a82

  • SHA512

    2cc92be85849798fb9f308f83ef6e3a5f059b522c761a8f13016092b878e0b9b3b4ed6339a552e5d9e35ab38a7c17ee2913453b0fe5df5eca0d9f1be3a33a06b

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZB:+w1lEKOpuYxiwkkgjAN8ZB

Score
10/10
gozi999bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142
Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_70c85dac35700151c8aff10ce8dcff93257e709111f1e23cdb849f7bf2976a82

    • Size

      624KB

    • MD5

      cd1f33f249a7e319a4fe158d2c72e29b

    • SHA1

      0ae37f4dd72693fffaa46296eb1e6fd4a636c17d

    • SHA256

      70c85dac35700151c8aff10ce8dcff93257e709111f1e23cdb849f7bf2976a82

    • SHA512

      2cc92be85849798fb9f308f83ef6e3a5f059b522c761a8f13016092b878e0b9b3b4ed6339a552e5d9e35ab38a7c17ee2913453b0fe5df5eca0d9f1be3a33a06b

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZB:+w1lEKOpuYxiwkkgjAN8ZB

    Score
    10/10
    gozi999bankerdiscoveryisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Gozi family

      gozi

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks