General

  • Target

    JaffaCakes118_e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd

  • Size

    636KB

  • MD5

    d46c7c8f8aede95cb61aca120d0af77d

  • SHA1

    4e3a91eef4c904dda7b5f2b75f3f5ae440e15885

  • SHA256

    e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd

  • SHA512

    3535e4b0a3dd25ba7fe3a0538f6804ec287e80d5b8fa1d98f57db6f441fb65e81e4d7e549b681deedf33caa008b024fdee1216514109694495514eda1563a4af

  • SSDEEP

    768:qUSQB53kinvP/ycPr8mA0i2V0hhXhhjYko8FVgihBfULeY2:OQBNrX/vPrl6tYkhVVbULw

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_e7a04a350d6648b514c35ff43b0b8daa2f377949f8f377a814a20d682d0caccd
    .dll windows:5 windows x86 arch:x86
