General

  • Target

    a71325aa633a5fb5cad6f1f7c729ad7b_JaffaCakes118

  • Size

    269KB

  • Sample

    240613-3ar5bavdna

  • MD5

    a71325aa633a5fb5cad6f1f7c729ad7b

  • SHA1

    12b5f7d2f5ccbabb87bd78fc6f6756643843524f

  • SHA256

    bb44df19cbc6ef5dfa99ef1f1d182b22b23f6224207c3aaf6c7b11eab1ae88fa

  • SHA512

    4e0c2e21a21f5be4b3a21cccfa1d0c2616aea3fb22a5d3d90bcfa3773b7b99fd3ead31b4d62f3190564fb643798e3f13a601f364dc4a8087ae99b042cd1653f3

  • SSDEEP

    6144:AVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:AVfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes

  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes

  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Target

      a71325aa633a5fb5cad6f1f7c729ad7b_JaffaCakes118
    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13