General

  • Target: JaffaCakes118_01294bb0a84b37238f9f62e86316ceb8044cf48707d2668fe23f6f5fa5c1a67d
  • Size: 625KB
  • Sample: 241229-ek8caasjew
  • MD5: 04276170f5491ac7f0e0567b3610e4d1
  • SHA1: 4638a140088b1093395d29d2da0dc00283a8e391
  • SHA256: 01294bb0a84b37238f9f62e86316ceb8044cf48707d2668fe23f6f5fa5c1a67d
  • SHA512: 0ce9e62577576431c40e2046bf1d568ee26bb084a6ed801709704f8a8f8eb41bebf638d58138563945d6dcbccd57aa78b44d80a3d4618153e1a8541efa148ff1
  • SSDEEP: 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zu:+w1lEKOpuYxiwkkgjAN8Zu

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 999
  • C2:
      config.edge.skype.com
      146.70.35.138
      146.70.35.142

Attributes

  • base_path: /phpadmin/
  • build: 250227
  • exe_type: loader
  • extension: .src
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

    • Target: JaffaCakes118_01294bb0a84b37238f9f62e86316ceb8044cf48707d2668fe23f6f5fa5c1a67d
    • Size: 625KB
    • MD5: 04276170f5491ac7f0e0567b3610e4d1
    • SHA1: 4638a140088b1093395d29d2da0dc00283a8e391
    • SHA256: 01294bb0a84b37238f9f62e86316ceb8044cf48707d2668fe23f6f5fa5c1a67d
    • SHA512: 0ce9e62577576431c40e2046bf1d568ee26bb084a6ed801709704f8a8f8eb41bebf638d58138563945d6dcbccd57aa78b44d80a3d4618153e1a8541efa148ff1
    • SSDEEP: 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zu:+w1lEKOpuYxiwkkgjAN8Zu

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Gozi family
    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks