General

  • Target

    a9992ace2ca16cfe185697a3e2cb4a51_JaffaCakes118

  • Size

    410KB

  • Sample

    240614-pa2f4azeqc

  • MD5

    a9992ace2ca16cfe185697a3e2cb4a51

  • SHA1

    0935e81ad9fc71bcf2909d0a6d7bda45623fdb97

  • SHA256

    423c469b4d7e6d809edae017d84f626b529d60dc1d0af3c45dd4d3248b08ebb5

  • SHA512

    4139941f324ff9653b0c9fed91a1a8ff8c3a7ace46b674faf00abc3904e1827b2807a07b3a00c122c1aeee5afaf16c10a7c15691db712ada5649aaa5f254218e

  • SSDEEP

    6144:O3lYafWLlGXxnrgsVA6WetdjDUDSNuLBRQFqD89ciXRGk8xKsR5F03SkoRHT:OeGXh/AReLnuvQUDqmVR4ikoRHT

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3179

C2

pyilgdamion.city

k13zraphael.city

xyawnat.city

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks