General

  • Target

    JaffaCakes118_20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8

  • Size

    528KB

  • MD5

    358fba9474496761d003eca6a95bdfa4

  • SHA1

    9c35357be80b8d7e58cf6b37a254eac8ec1cb4e3

  • SHA256

    20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8

  • SHA512

    f562e6101926600810a4355950fb10dc9ec104ad2c1859e1b67a33164bab5694a119ca39cf71c80fd9a2920e903ef16fae593c7a95edcce5e8fc0a6b40f1137f

  • SSDEEP

    1536:CD4P8puuUN0eWpPNu7iZEf1IpK7GHFV9:CD4P8puuUN0egPNQi27k

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

185.154.53.214

185.154.53.188

46.30.42.246

Attributes
  • base_path

    /drew/

  • build

    260226

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_20bf5bdd2e40d8c49ab9ef2214abaa53307e39cf7dbb2f201ff996a203d802d8
    .dll windows:5 windows x86 arch:x86
