General

  • Target

    b633568bdfb080391bf6bd6e3d03beaf_JaffaCakes118

  • Size

    139KB

  • Sample

    240617-bz42maybld

  • MD5

    b633568bdfb080391bf6bd6e3d03beaf

  • SHA1

    862fa1fa4fbaaf5973eb59454598c5ae78f0df57

  • SHA256

    d218cf64252c0e223b229d8a85a9f8d2aa95fdfc8bd76d7447e8e1d18091d126

  • SHA512

    e0d2decf301cfac803ec0c8cf572c1f3686524a089c98b4bd578e40c26003a1d6dcf2be329f3ffb8758d1e853801216fadfc0c3ed9a6339712ddbb6a852aaf5f

  • SSDEEP

    3072:K17ujx+j3Y2QoGRSd7I9VvI0i+Enq5L0pq/43M:Ktu1+j3YJ1RI9TqL0c/j

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3134

C2

zweideckei.com

ziebelschr.com

endetztera.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks