General

  • Target

    1503a40da3eee4ba11db866b31dd8f09bbb2ebfeef5e406c2806a18cdf9fa01d

  • Size

    222KB

  • Sample

    221228-1ng56abf86

  • MD5

    42a0ace2505232df5f4178922a374bca

  • SHA1

    8f08ce12259f02d9b6eabe80b3d248899b17e05d

  • SHA256

    1503a40da3eee4ba11db866b31dd8f09bbb2ebfeef5e406c2806a18cdf9fa01d

  • SHA512

    be082d4d538c8e0f928420549a2adc20bd819707186ea1a5d23e282a64840b2785f8584f39ae84b2f05272f5af98ace02057ee0573c8428f6c9a2829381d8282

  • SSDEEP

    3072:YYBLb95mHgC8cMDMtqW+LCyzcq7dB96PgdxdQt+FG+wD3tdmdhxH:DLbS8DGqXLfzPE4xS8Fri3tm

Malware Config

Extracted

Family

gozi

Botnet

22500

C2

confisg.edge.skype.com

http://5icvzwz.xyz

http://185.14.45.80

Attributes

  • base_path

    /recycle/

  • build

    250249

  • exe_type

    worker

  • extension

    .alo

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
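The config fields above are what a responder actually hunts with: the C2 list gives hosts to block, and base_path plus extension describe the URI shape the bot uses when it talks to those hosts. As an added example (not part of the tria.ge report or of Hatching's tooling), the Python below turns the extracted values and the file hashes into a small IOC matcher and runs it over a few constructed proxy log lines. The assumption that beacon URIs look like http://<c2>/<base_path><data><extension> is mine, not something the report states, and the log format and log lines are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Values copied from the extracted Gozi config above (botnet 22500, build 250249).
GOZI_CONFIG = {
    "family": "gozi",
    "botnet": "22500",
    "c2": [
        "confisg.edge.skype.com",   # listed without a scheme on the page
        "http://5icvzwz.xyz",
        "http://185.14.45.80",
    ],
    "base_path": "/recycle/",
    "extension": ".alo",
    "build": "250249",
    "server_id": "50",
}

# File hashes from the General section, for matching on-disk artefacts.
SAMPLE_HASHES = {
    "md5": "42a0ace2505232df5f4178922a374bca",
    "sha1": "8f08ce12259f02d9b6eabe80b3d248899b17e05d",
    "sha256": "1503a40da3eee4ba11db866b31dd8f09bbb2ebfeef5e406c2806a18cdf9fa01d",
}


def c2_hosts(config):
    """Normalise the C2 list to lowercase hostnames (entries may be bare hosts or URLs)."""
    hosts = set()
    for entry in config["c2"]:
        if "://" in entry:
            hosts.add(urlparse(entry).hostname.lower())
        else:
            hosts.add(entry.strip().lower())
    return hosts


def classify_url(url, config):
    """Explain why a URL matches this config, or return None.

    ASSUMPTION (not stated on the page): beacon URIs have the shape
    http://<c2>/<base_path><encoded-data><extension>, so base_path and
    extension are used here as a path signature independent of the host.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path or "/"
    host_hit = host in c2_hosts(config)
    path_hit = path.startswith(config["base_path"]) and path.endswith(config["extension"])
    if host_hit and path_hit:
        return "known C2 host and Gozi path signature"
    if host_hit:
        return "known C2 host"
    if path_hit:
        return "Gozi path signature on an unlisted host"
    return None


URL_RE = re.compile(r"(https?://\S+)")


def scan_proxy_log(text, config=GOZI_CONFIG):
    """Return (line_number, url, reason) for every log line that matches the config."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = URL_RE.search(line)
        if not m:
            continue
        reason = classify_url(m.group(1), config)
        if reason:
            hits.append((n, m.group(1), reason))
    return hits


def hash_matches(data, expected=SAMPLE_HASHES):
    """Compare a file's digests against the reported sample hashes."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == value for name, value in expected.items()}


# Constructed proxy log lines (not from the report) in a simple
# "<timestamp> <client> <method> <url> <status>" layout.
PROXY_LOG = """\
2022-12-28T19:41:03Z 10.0.0.12 GET http://5icvzwz.xyz/recycle/aGVsbG8gd29ybGQ.alo 200
2022-12-28T19:41:09Z 10.0.0.12 GET http://185.14.45.80/recycle/Zm9vYmFy.alo 200
2022-12-28T19:41:15Z 10.0.0.12 GET http://confisg.edge.skype.com/ 200
2022-12-28T19:42:00Z 10.0.0.12 GET http://www.example.com/recycle/bin.alo 200
2022-12-28T19:42:30Z 10.0.0.13 GET https://www.microsoft.com/en-us/ 200
"""

if __name__ == "__main__":
    for n, url, reason in scan_proxy_log(PROXY_LOG):
        print(f"line {n}: {reason}: {url}")
    print(hash_matches(b"constructed bytes, not the sample"))
```

The path signature is kept separate from the host match on purpose: Gozi operators rotate domains far more often than they change base_path and extension, so a request to an unlisted host that still carries /recycle/…​.alo is worth a lower-confidence alert, while a hit on both is the strongest signal. The first C2 entry has no scheme and looks like a Microsoft hostname; the report does not say what role it plays, so the example treats it like any other listed host.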

Targets

    • Target

      1503a40da3eee4ba11db866b31dd8f09bbb2ebfeef5e406c2806a18cdf9fa01d

    • Detects Smokeloader packer

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks