General

  • Target

    JaffaCakes118_cfafa4b1366cd93c3a5b545a8f28982cc335e95011bd7cf82916f3d60b2cea71

  • Size

    626KB

  • Sample

    241225-zpdzfsxkgt

  • MD5

    21a788bfbb9feca8f72066d760d16b1f

  • SHA1

    8a444c3cd454054b1fc7b4bc34ec1b5b57b0b07b

  • SHA256

    cfafa4b1366cd93c3a5b545a8f28982cc335e95011bd7cf82916f3d60b2cea71

  • SHA512

    3218d9c8f4651e2f01b492dcb04b5b6d83acf57e520f581db575e23a18fc051d159b4431bdd3a3c5c138bb713156c24d19b32fd3c19c70191c0f81e46679f54f

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZW:+w1lEKOpuYxiwkkgjAN8ZW

Malware Config

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

  • Target

    JaffaCakes118_cfafa4b1366cd93c3a5b545a8f28982cc335e95011bd7cf82916f3d60b2cea71

  • Size

    626KB

  • MD5

    21a788bfbb9feca8f72066d760d16b1f

  • SHA1

    8a444c3cd454054b1fc7b4bc34ec1b5b57b0b07b

  • SHA256

    cfafa4b1366cd93c3a5b545a8f28982cc335e95011bd7cf82916f3d60b2cea71

  • SHA512

    3218d9c8f4651e2f01b492dcb04b5b6d83acf57e520f581db575e23a18fc051d159b4431bdd3a3c5c138bb713156c24d19b32fd3c19c70191c0f81e46679f54f

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZW:+w1lEKOpuYxiwkkgjAN8ZW

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • Gozi family

  • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks