Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8989526139.zip

  • Size

    407KB

  • Sample

    230203-fkhx3aec9v

  • MD5

    1a99a98597282864905a8a53819f30c1

  • SHA1

    d6ac29bffbb183e66c54d8994c526d0c8ed804ae

  • SHA256

    17ab3a222ed0f41e60d456e201450b36b28c27b9945880fb40b082a6171c79e2

  • SHA512

    07a9377d37a4938f0f6c9fefe9e84a7796733fe7d262cdefa7b6be55b76a5f90acbc7795aeb5e369fb969103871780eef29fad0b5cc4fb83bfcce424f14e2752

  • SSDEEP

    6144:nP1OAfQixoenUY650N59bC0UTOinOf68DJgQ+RBk1y9rr4LIAC9EjKBP1/gKvU6K:nNO/er6458/nOf60gB+tIA4W8U6IG9W

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20005

C2

trackingg-protectioon.cdn4.mozilla.net

80.77.23.77

80.77.25.109

protectioon.cdn4.mozilla.net

170.130.165.182

80.77.25.114

Attributes
  • base_path

    /fonts/

  • build

    250250

  • exe_type

    loader

  • extension

    .bak

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35

    • Size

      592KB

    • MD5

      85fa54c2a97ad3a1f8bd64af62450511

    • SHA1

      db92c0a81e8b27d222607e093ccc9d00485db119

    • SHA256

      e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35

    • SHA512

      6c6faba5f566e3c383d676c736319a7a70138070b0d9771727a1c7756718a4add05db8a7c3a5b038b9269a0ecb14434872516912faea8e2479729a192f9a4b4b

    • SSDEEP

      12288:cysmuJC4fktsdyjJGL44Clz8JwsWydYo9NRl:cT7IoyjXTKdlnz

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks