General

  • Target

    JaffaCakes118_5c31a716e5f446d7b4ba6fa5f75b71072bf96947964e9e6818231ac333ccd5b0

  • Size

    626KB

  • Sample

    241224-l78pwsvmbj

  • MD5

    788dcab5345bad59e53b4d6c3431dcef

  • SHA1

    64b9f3c5a71f31851f00af2692d66624f15e9ed2

  • SHA256

    5c31a716e5f446d7b4ba6fa5f75b71072bf96947964e9e6818231ac333ccd5b0

  • SHA512

    18ce65f269777fcda9a5c8452a72fef8d1cce891b98105222f575766d876a51f693468234ad995ff8dc076ab1d6dafe05b26bad600b521232e4affc5e84b7a98

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZH:+w1lEKOpuYxiwkkgjAN8ZH

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
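As an added example (not part of the sandbox report or of any Gozi tooling), the Python below turns the extracted config into indicators an analyst can act on: a block list with the decoy host removed, one Suricata rule per IP C2, and a proxy-log matcher for the beacon URL shape the attributes imply. The C2 list, base_path, extension and build value are copied from the report; everything else is an assumption made here: that config.edge.skype.com (a legitimate Microsoft host, listed by Gozi-family loaders as a connectivity check) must not be blocked, that beacons look like `http://<c2>/phpadmin/<opaque>.src`, and the whitespace-separated log format and constructed log lines.

```python
"""Indicators and a proxy-log matcher built from the extracted Gozi config.

Added example, not part of the sandbox report. C2 hosts and attribute values
are copied from the report; the decoy handling, beacon URL shape, log format
and log lines are assumptions made for illustration.
"""
import ipaddress
import re
from typing import Iterable

# Values copied verbatim from the extracted config above.
C2 = ["config.edge.skype.com", "146.70.35.138", "146.70.35.142"]
BASE_PATH = "/phpadmin/"
EXTENSION = ".src"
BUILD = "250227"

# config.edge.skype.com is a legitimate Microsoft-owned host that Gozi-family
# loaders contact as an internet connectivity check. Blocking it breaks real
# Skype/Teams clients, so it is excluded from the block list. Treating it as a
# decoy is an analyst assumption, not something the report states.
LEGIT_DECOYS = {"config.edge.skype.com"}


def is_ip(host: str) -> bool:
    """True if host is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def blockable_c2(c2: Iterable[str] = C2) -> list[str]:
    """C2 entries that are safe to block at the perimeter (decoys removed)."""
    return [h for h in c2 if h not in LEGIT_DECOYS]


def suricata_rules(sid_base: int = 9000001) -> list[str]:
    """One alert rule per blockable IP C2 (hostnames would need dns/tls rules)."""
    rules = []
    for i, host in enumerate(h for h in blockable_c2() if is_ip(h)):
        rules.append(
            f'alert ip $HOME_NET any -> {host} any (msg:"Gozi build {BUILD} C2 {host}"; '
            f"sid:{sid_base + i}; rev:1;)"
        )
    return rules


# Assumed beacon shape: http://<c2>/phpadmin/<opaque>.src
# The opaque middle part may itself contain slashes, hence [^?\s]*.
_BEACON_RE = re.compile(
    r"^https?://(?P<host>[^/:?]+)(?::\d+)?"
    + re.escape(BASE_PATH)
    + r"[^?\s]*"
    + re.escape(EXTENSION)
    + r"(?:\?[^\s]*)?$"
)


def match_beacon(url: str) -> bool:
    """True if url has the beacon shape AND targets a blockable C2 host."""
    m = _BEACON_RE.match(url)
    return bool(m) and m.group("host") in blockable_c2()


def scan_proxy_log(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Return (client, url) for each line whose URL matches the beacon shape.

    Assumed log format (whitespace separated): ts client method url status
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        client, url = parts[1], parts[3]
        if match_beacon(url):
            hits.append((client, url))
    return hits


# Constructed proxy log lines for illustration (not taken from the report).
SAMPLE_LOG = [
    "1735038000 10.0.0.15 GET http://config.edge.skype.com/config/v1/Skype/908_1.0.0.0 200",
    "1735038001 10.0.0.15 GET http://146.70.35.138/phpadmin/Ja9SkL/q2_Zx/lt3.src 200",
    "1735038002 10.0.0.22 GET http://146.70.35.142/phpadmin/zz.src?x=1 404",
    "1735038003 10.0.0.22 GET http://146.70.35.142/images/zz.src 200",
    "1735038004 10.0.0.31 GET http://example.com/phpadmin/index.src 200",
]

if __name__ == "__main__":
    for rule in suricata_rules():
        print(rule)
    for client, url in scan_proxy_log(SAMPLE_LOG):
        print(f"beacon from {client}: {url}")
```

The matcher deliberately requires both the host and the path shape: the host alone would also fire on the connectivity check to Skype, and the path alone would fire on any unrelated site that happens to serve `/phpadmin/*.src`.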

Targets

    • Target

      JaffaCakes118_5c31a716e5f446d7b4ba6fa5f75b71072bf96947964e9e6818231ac333ccd5b0


    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; the config extracted from this sample identifies it as the loader component.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks