gozi | 6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470 | Triage

Submit
Reports

Overview

overview

Static

static

03e8d330ab...18.exe

windows7-x64

8

03e8d330ab...18.exe

windows10-2004-x64

7

Sharing

General

Target

03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118
Size

492KB
Sample

240622-1bqa1avcna
MD5

03e8d330abc77a6a9d635d2e7c0e213a
SHA1

f4215465ea2368922d8f47357ced112e10b2c6d9
SHA256

6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470
SHA512

58aa3c017d3e5202b6a0f3f3040ba265e62f5ec5fbaab3330583ad71d88aceefab94cd87e7abcf9c936c01316b0750b5ba629df1e0b5504dd006261ea0bc4314
SSDEEP

6144:l2FtkbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9Upm:l2FtkmmCVRtPvq2+d/

Score

10^/10

gozi isfb persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118.exe

Resource

win7-20231129-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  03e8d330abc77a6a9d635d2e7c0e213a_JaffaCakes118
- Size
  
  492KB
- MD5
  
  03e8d330abc77a6a9d635d2e7c0e213a
- SHA1
  
  f4215465ea2368922d8f47357ced112e10b2c6d9
- SHA256
  
  6aa24766ff48239eed0ec20a8c2e05704650e73de941470cc053e1000bea6470
- SHA512
  
  58aa3c017d3e5202b6a0f3f3040ba265e62f5ec5fbaab3330583ad71d88aceefab94cd87e7abcf9c936c01316b0750b5ba629df1e0b5504dd006261ea0bc4314
- SSDEEP
  
  6144:l2FtkbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9Upm:l2FtkmmCVRtPvq2+d/
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy