Overview

overview

10

Static

static

10

JaffaCakes...11.exe

windows7-x64

JaffaCakes...11.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8700616aa517bc038e37260ab27511172a383d9cf466d4956e84bb82a42bec11

  • Size

    468KB

  • Sample

    241225-cmhtasvjel

  • MD5

    e9f0246d1e08b5a9f8c07130dd004394

  • SHA1

    65b0d193995c76622cbbfd8d56eaacdf43e4ffc7

  • SHA256

    8700616aa517bc038e37260ab27511172a383d9cf466d4956e84bb82a42bec11

  • SHA512

    075048452e71d2022b500c91e8d4c25bc6ccc5f6ba5dc9581cf98e21ee8b883d376dcc86f768a9a78c713141488176eec9c72960387a9c082714155b8016ebd6

  • SSDEEP

    3072:JmHQnOt6Fcin8jOoM49GGuk5rM1NGnwxrPd5gCM/h3VK48r:JmwnsqT8y+BvwlICoK48r

Score
10/10
gozi7622isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7622

C2

botanlink.top

linkspremium.ru

premiumlists.ru
Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_8700616aa517bc038e37260ab27511172a383d9cf466d4956e84bb82a42bec11

    • Size

      468KB

    • MD5

      e9f0246d1e08b5a9f8c07130dd004394

    • SHA1

      65b0d193995c76622cbbfd8d56eaacdf43e4ffc7

    • SHA256

      8700616aa517bc038e37260ab27511172a383d9cf466d4956e84bb82a42bec11

    • SHA512

      075048452e71d2022b500c91e8d4c25bc6ccc5f6ba5dc9581cf98e21ee8b883d376dcc86f768a9a78c713141488176eec9c72960387a9c082714155b8016ebd6

    • SSDEEP

      3072:JmHQnOt6Fcin8jOoM49GGuk5rM1NGnwxrPd5gCM/h3VK48r:JmwnsqT8y+BvwlICoK48r

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks