Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    server.exe

  • Size

    192KB

  • Sample

    230308-mas4lsfc82

  • MD5

    b53e7a4f7d03dc6b34760a66dc7fefdf

  • SHA1

    e4bb248848451813b7325c001910defaf262e58a

  • SHA256

    2b31a64f7d221dfd8ac33edaf101a4c1ac73f36dcd7abb976517fb1e90750544

  • SHA512

    2a8865882cb9ed6a6f3382c7201d93c8cf9eb67377b31c56f25481dd21db5ba2c2959368e63ca4e1e916e99c87a30b875f649bcdc12c63f4a45ca572ee271aed

  • SSDEEP

    3072:6F3QsFXipai+ZJY0glWqUeMV7oog/Mhej01QDnLjmH52c:bWX8ai+Za067UnVU/0hS01QDL

Malware Config

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Targets

    • Target

      server.exe

    • Size

      192KB

    • MD5

      b53e7a4f7d03dc6b34760a66dc7fefdf

    • SHA1

      e4bb248848451813b7325c001910defaf262e58a

    • SHA256

      2b31a64f7d221dfd8ac33edaf101a4c1ac73f36dcd7abb976517fb1e90750544

    • SHA512

      2a8865882cb9ed6a6f3382c7201d93c8cf9eb67377b31c56f25481dd21db5ba2c2959368e63ca4e1e916e99c87a30b875f649bcdc12c63f4a45ca572ee271aed

    • SSDEEP

      3072:6F3QsFXipai+ZJY0glWqUeMV7oog/Mhej01QDnLjmH52c:bWX8ai+Za067UnVU/0hS01QDL

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks