General

  • Target

    JaffaCakes118_53d4c08d16c75a5c4a6e131777ee5a2a2579b886b57547b2b70ce72f16f63ce8

  • Size

    624KB

  • Sample

    241229-gfdcfstrdw

  • MD5

    4bce31d18083b52b9d9b9d69790589f9

  • SHA1

    05bac00bbc3457399e033981cdbb4942e46793b7

  • SHA256

    53d4c08d16c75a5c4a6e131777ee5a2a2579b886b57547b2b70ce72f16f63ce8

  • SHA512

    477c46cfa492423d170566c7153336b94aa0d50426fc51663dbd3a6ce8c809812010b59106571fec05a463a4b8f26803b85e5ef5720cf06e0befde0205dd386f

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Za:+w1lEKOpuYxiwkkgjAN8Za

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      JaffaCakes118_53d4c08d16c75a5c4a6e131777ee5a2a2579b886b57547b2b70ce72f16f63ce8

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks