General

  • Target

    JaffaCakes118_11232fc5d3a0b52fcef33733ddf225475d76042ee01f3755dbaf6a2baaf6531f

  • Size

    625KB

  • Sample

    241229-bze3haykfn

  • MD5

    7ac11d386538620895596273a8e4537e

  • SHA1

    2f256efaf1f791a5df89332c56288595e7a0f857

  • SHA256

    11232fc5d3a0b52fcef33733ddf225475d76042ee01f3755dbaf6a2baaf6531f

  • SHA512

    54869a297c4e7cd563bd866bf98dbd9da16dab5c012575175fd8e6cb915386c77984931570997611e4bcb3a3e1a179dd8ae4c2730bbc0ab12d7f64711054a7e1

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zt:+w1lEKOpuYxiwkkgjAN8Zt

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_11232fc5d3a0b52fcef33733ddf225475d76042ee01f3755dbaf6a2baaf6531f

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks