Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

documento/...to.url

windows7-x64

1

documento/...to.url

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    documento.zip

  • Size

    479B

  • Sample

    230209-rc9llaeg62

  • MD5

    16b8e5c049f213c00071a59a6f69f5e7

  • SHA1

    08f0a4a6dbea93a3dd927218f7da6fdf5c2e8973

  • SHA256

    4e801b98464a9bcbceeaeb058cfbdef589e40e255206ba8c926f8d4c82ad08ef

  • SHA512

    6c0a8b18284f9053fa08e25606c1a1b1ec429b39293aac20687d317cb98fbb14a9cbd675fc1bde91f8a21c8e1bef70c5a9c7134c1c7c6ccb6bcb3b3ef75a739e

Score
10/10
gozi7708bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7708

C2

checklist.skype.com

62.173.147.156

31.41.44.3

46.8.19.140

45.151.232.3

62.173.139.21

185.142.99.47

31.41.44.121
Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      documento/documento.url

    • Size

      193B

    • MD5

      edca65cabb466cc4d38738f4661bfe47

    • SHA1

      3d3ab1139b38b6e3fd16f26315b57fe9d904397c

    • SHA256

      b6ece3b9c859b0baa1d09bc27a77df0e35a9bb0f866eefc726a3237a0eaa37fc

    • SHA512

      ddffc79858639112d3f2337c6bbf0bbee4a8331153cb06be499cfbe543c36f371834ef376266ccf4af1f52cd54f58c08c56f0f4b7d06b19921f96617eda323e8

    Score
    10/10
    gozi7708bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks