General

  • Target

    documento.zip

  • Size

    479B

  • Sample

    230209-rc9llaeg62

  • MD5

    16b8e5c049f213c00071a59a6f69f5e7

  • SHA1

    08f0a4a6dbea93a3dd927218f7da6fdf5c2e8973

  • SHA256

    4e801b98464a9bcbceeaeb058cfbdef589e40e255206ba8c926f8d4c82ad08ef

  • SHA512

    6c0a8b18284f9053fa08e25606c1a1b1ec429b39293aac20687d317cb98fbb14a9cbd675fc1bde91f8a21c8e1bef70c5a9c7134c1c7c6ccb6bcb3b3ef75a739e

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7708

C2


Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

igHCPmeejgu60HuJ

Targets

    • Target

      documento/documento.url

    • Size

      193B

    • MD5

      edca65cabb466cc4d38738f4661bfe47

    • SHA1

      3d3ab1139b38b6e3fd16f26315b57fe9d904397c

    • SHA256

      b6ece3b9c859b0baa1d09bc27a77df0e35a9bb0f866eefc726a3237a0eaa37fc

    • SHA512

      ddffc79858639112d3f2337c6bbf0bbee4a8331153cb06be499cfbe543c36f371834ef376266ccf4af1f52cd54f58c08c56f0f4b7d06b19921f96617eda323e8

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
