General

  • Target

    JaffaCakes118_3803b6b7e69dbd779ff587f9a4c8785c0238a48c263c33d185e9dd2a4e5351fd

  • Size

    625KB

  • Sample

    241225-xjs53stkap

  • MD5

    54fc2bd0d993a72ae74d7ac7f43dad51

  • SHA1

    a41f3d27e5e7e9148d8be940696849b7b3949987

  • SHA256

    3803b6b7e69dbd779ff587f9a4c8785c0238a48c263c33d185e9dd2a4e5351fd

  • SHA512

    6dde80bbfefa8772af8b41446411f9a687dce04e16c2c43c0dbcc31be7086c93448c5fb5e3d6e9250799561880cd4ccc85b69168777e41830c36095e99456771

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZQ:+w1lEKOpuYxiwkkgjAN8ZQ

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_3803b6b7e69dbd779ff587f9a4c8785c0238a48c263c33d185e9dd2a4e5351fd

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks