General

  • Target: b15727ac65dec0e4c799293aa6cc0e5b_JaffaCakes118
  • Size: 385KB
  • Sample: 240616-czhztszdjn
  • MD5: b15727ac65dec0e4c799293aa6cc0e5b
  • SHA1: 1c57a692f1970dd878ba0c476c848d33d4ea74d7
  • SHA256: 8fe13cb71284ad861fd29c1dc11e2cb9c42d38c88ce7122bf6d303105fa4db65
  • SHA512: 85fbdd5ea1c35a2355b075daa383d45cbb04c6a0b3075b161d8be514f77ca77f6dda458899ae6b793e17b831b3dfb27920c815605bd01672a4b1f1f7127c0f59
  • SSDEEP: 6144:wiZbIVIRqTq+nfoeul6j5SuE/PB624EzWEydvkS+sTnGoPBJDm14LH6QriBi:wikq+nfAl6j5SXxKE0eknGoPHDXHW

Malware Config

Extracted

  • Family: gozi

  Attributes
    • build: 215165

Extracted

  • Family: gozi
  • Botnet: 3159
  • C2:
      pulneselle.com
      vivitempen.com
      jewayelome.com

  Attributes
    • build: 215165
    • dga_base_url: constitution.org/usdeclar.txt
    • dga_crc: 0x4eb7d2ca
    • dga_season: 10
    • dga_tlds: com, ru, org
    • exe_type: loader
    • server_id: 12
    • rsa_pubkey.plain
    • serpent.plain

Targets

    • Target: b15727ac65dec0e4c799293aa6cc0e5b_JaffaCakes118
    • Size: 385KB
    • MD5: b15727ac65dec0e4c799293aa6cc0e5b
    • SHA1: 1c57a692f1970dd878ba0c476c848d33d4ea74d7
    • SHA256: 8fe13cb71284ad861fd29c1dc11e2cb9c42d38c88ce7122bf6d303105fa4db65
    • SHA512: 85fbdd5ea1c35a2355b075daa383d45cbb04c6a0b3075b161d8be514f77ca77f6dda458899ae6b793e17b831b3dfb27920c815605bd01672a4b1f1f7127c0f59
    • SSDEEP: 6144:wiZbIVIRqTq+nfoeul6j5SuE/PB624EzWEydvkS+sTnGoPBJDm14LH6QriBi:wikq+nfAl6j5SXxKE0eknGoPHDXHW
    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks