General

  • Target: JaffaCakes118_a301861f74178c4f1da17e1c203e738f24e18b675300f1aafef480b8789433b5
  • Size: 624KB
  • Sample: 241229-hwv3wawlhk
  • MD5: eaed32ef9b92c90775eba1617af1624f
  • SHA1: d1a1bf0e468a2402948e00f6b0d2b93a5cea1783
  • SHA256: a301861f74178c4f1da17e1c203e738f24e18b675300f1aafef480b8789433b5
  • SHA512: 6a94bf05bd96f08d6e121eac1e03f14073bb52bb6ab8bf1686844d1d6ed2147c92086f3104967e8395374d837521ee734d025d5ebece568bcd67af493a5f6fcf
  • SSDEEP: 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zy:+w1lEKOpuYxiwkkgjAN8Zy

Malware Config

Extracted

Family: gozi

Extracted

Family: gozi

Botnet: 999

C2:
    config.edge.skype.com
    146.70.35.138
    146.70.35.142

Attributes
  • base_path: /phpadmin/
  • build: 250227
  • exe_type: loader
  • extension: .src
  • server_id: 50

rsa_pubkey.plain
aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks