Overview

overview

10

Static

static

7

024df820ea...18.exe

windows7-x64

10

024df820ea...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    024df820ea45bea55c668af1feda690d_JaffaCakes118

  • Size

    784KB

  • Sample

    240622-qf1bnazalh

  • MD5

    024df820ea45bea55c668af1feda690d

  • SHA1

    b43ad8d3b41122eeb8bba3ac6727f6eb6c55fedb

  • SHA256

    a685bc172806482c679fe98c4c809eeb4b28b7fc38db4c5eb4e01871629f56ee

  • SHA512

    4244f99e12b0ac58808fadf620abff854be5231c49f9eb8cf78212f096233c29b50b0f11a11676520e51bef888f7ed63a1a5d3ba1df97933a81cc06abd56a5f2

  • SSDEEP

    24576:4ZO3avqDt0TmGh78YPZZQK14mr+g/LU4nFmwOc:4ZeavqDuV8Sh4mrnLq9

Score
10/10
gozixmrigbankerisfbminertrojanupx

Malware Config

Extracted

Family

gozi

Targets

    • Target

      024df820ea45bea55c668af1feda690d_JaffaCakes118

    • Size

      784KB

    • MD5

      024df820ea45bea55c668af1feda690d

    • SHA1

      b43ad8d3b41122eeb8bba3ac6727f6eb6c55fedb

    • SHA256

      a685bc172806482c679fe98c4c809eeb4b28b7fc38db4c5eb4e01871629f56ee

    • SHA512

      4244f99e12b0ac58808fadf620abff854be5231c49f9eb8cf78212f096233c29b50b0f11a11676520e51bef888f7ed63a1a5d3ba1df97933a81cc06abd56a5f2

    • SSDEEP

      24576:4ZO3avqDt0TmGh78YPZZQK14mr+g/LU4nFmwOc:4ZeavqDuV8Sh4mrnLq9

    Score
    10/10
    gozixmrigbankerisfbminertrojanupx

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks