General

  • Target

    file.exe

  • Size

    321KB

  • Sample

    230208-1ycneshc56

  • MD5

    63378c08c181a297c7c22843e5f9347d

  • SHA1

    40b101fe68b133df842398b9420891bde46a4793

  • SHA256

    0de7ea82be4acb882af007b3912969da1af9a4dc31b057d0e8aa549ea24ee11b

  • SHA512

    e05fa49d332182282a368e8386f59d4fe2caff810f0f1b3ba71d15d6ed311f98c68bb265dbc56e0c34e385075060de9006b1e882911969a6ebafe7324da42baf

  • SSDEEP

    6144:QkiV/ACYyy92M8TMcC/TH0eD0c+Liq0v:Q1RA+a2NXCT0e49m

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

https://checklist.skype.com

http://176.10.125.84

http://91.242.219.235

http://79.132.130.73

http://176.10.119.209

http://194.76.225.88

http://79.132.134.158

Attributes

  • base_path

    /microsoft/

  • build

    260255

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

  • api_key

    ad75d4e2e9636ca662a337b6e798d36159f23acfc89bbe9400d0d451bd8d69fd

Targets

    • Target

      file.exe

    • Detects Smokeloader packer

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE
