General

  • Target: b3b8433b8322d3884a24aa66d423bb386bd2d26edc86f09f5409a7a30b52bcfb
  • Size: 296KB
  • Sample: 221107-tmc2gshdcq
  • MD5: 0f4a3710b28ebbf430bc765f9b9e9740
  • SHA1: 362460f5f63c8cf844dc089454f72cb974046c07
  • SHA256: b3b8433b8322d3884a24aa66d423bb386bd2d26edc86f09f5409a7a30b52bcfb
  • SHA512: fdfa471259ecb69f64b749b485e9cb9d2be2227113117dc19facce9daba4f86f19dbe34fa36379e89ecc0ddaf42aaa69a275c15d78b50b6a80777001e4b4839c
  • SSDEEP: 6144:BSu1zvPvYDyLpj5weLCVrk0WRm/wpnN5Oie6xjMPt9eZiC3:gu1znL8k0WdNre6h+t9k

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 1099
  • C2:
      fkklqkjgnr.com
      sinpotikos.com
      bnkalirmf.com
  • Attributes:
      exe_type: worker
      server_id: 12
      rsa_pubkey.plain
      serpent.plain

Targets

    • Target: b3b8433b8322d3884a24aa66d423bb386bd2d26edc86f09f5409a7a30b52bcfb
    • Size: 296KB
    • MD5: 0f4a3710b28ebbf430bc765f9b9e9740
    • SHA1: 362460f5f63c8cf844dc089454f72cb974046c07
    • SHA256: b3b8433b8322d3884a24aa66d423bb386bd2d26edc86f09f5409a7a30b52bcfb
    • SHA512: fdfa471259ecb69f64b749b485e9cb9d2be2227113117dc19facce9daba4f86f19dbe34fa36379e89ecc0ddaf42aaa69a275c15d78b50b6a80777001e4b4839c
    • SSDEEP: 6144:BSu1zvPvYDyLpj5weLCVrk0WRm/wpnN5Oie6xjMPt9eZiC3:gu1znL8k0WdNre6h+t9k

    • Gozi
      Gozi is a well-known and widely distributed banking trojan.
    • Modifies Installed Components in the registry
    • Deletes itself
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks