Overview

overview

10

Static

static

3

JaffaCakes...6b.dll

windows7-x64

10

JaffaCakes...6b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_90869966a8bf0d1bee2e274970d1bf067266d5ba30b3420677a03caf9424ce6b

  • Size

    625KB

  • Sample

    241225-a7h9fssnfn

  • MD5

    1c2ce8b9d540fed0ce26bc6dee7a7364

  • SHA1

    f70d1aca326c4a81f94b90fa6ee5ec43d4a12aae

  • SHA256

    90869966a8bf0d1bee2e274970d1bf067266d5ba30b3420677a03caf9424ce6b

  • SHA512

    cea3015a973d552110a8e21b9776c081f82121c47544b50f5ab5ddea7a7f0ba33a242ac95a2bf2a56ca066cb80031134084dcefa9a4ff91a9bc4ec7c98369632

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z7:+w1lEKOpuYxiwkkgjAN8Z7

Score
10/10
gozi999bankerdiscoveryisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142
Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_90869966a8bf0d1bee2e274970d1bf067266d5ba30b3420677a03caf9424ce6b

    • Size

      625KB

    • MD5

      1c2ce8b9d540fed0ce26bc6dee7a7364

    • SHA1

      f70d1aca326c4a81f94b90fa6ee5ec43d4a12aae

    • SHA256

      90869966a8bf0d1bee2e274970d1bf067266d5ba30b3420677a03caf9424ce6b

    • SHA512

      cea3015a973d552110a8e21b9776c081f82121c47544b50f5ab5ddea7a7f0ba33a242ac95a2bf2a56ca066cb80031134084dcefa9a4ff91a9bc4ec7c98369632

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z7:+w1lEKOpuYxiwkkgjAN8Z7

    Score
    10/10
    gozi999bankerdiscoveryisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Gozi family

      gozi

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks