General

  • Target

    9fd1579cf1541c953eacbaf3cce0de47_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240611-2vvkhavflq

  • MD5

    9fd1579cf1541c953eacbaf3cce0de47

  • SHA1

    9b6c1182422a09257bebe1271961f28fee704898

  • SHA256

    7b2d0ae7c31282f5a52bd8f92c7e0ce46b0ae050b5853c87b57a97e4293a1f38

  • SHA512

    9230f7f9e68f575df7b8a11dd9209d34c592d947cc99e06065318714f4bd4d8dbf848dd89d62cfeb687927edbe8403ec98e050eebedcd45937f416aae7f8ff67

  • SSDEEP

    49152:4SuE3+trqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3yqPKIOson6Cslny8WR6wOHstehsC7

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
