Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    server.exe

  • Size

    178KB

  • Sample

    230320-q3mdbafg51

  • MD5

    0fcb834306b465d8998c654a5d4c3727

  • SHA1

    34d67f89115124d042f65cff8f16a5508e8336c3

  • SHA256

    b97cfd0ea14f390894948861cacafbad2f88767d52477e339e2c0a6e4316793b

  • SHA512

    d95647ffd2017fedcdcdc3db4fad352613a82b10704d97c1bc91dd1375aa0f1c3ca2ce0395ecdc77a545acfcd5c5cca244230e57b3cad06b7ed70ec416f773c7

  • SSDEEP

    3072:2bKsm0/YwL+NqvT+u8TEaYDSj6krWt+3j4XBps2Q:d30QO+udabGTEw

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      server.exe

    • Size

      178KB

    • MD5

      0fcb834306b465d8998c654a5d4c3727

    • SHA1

      34d67f89115124d042f65cff8f16a5508e8336c3

    • SHA256

      b97cfd0ea14f390894948861cacafbad2f88767d52477e339e2c0a6e4316793b

    • SHA512

      d95647ffd2017fedcdcdc3db4fad352613a82b10704d97c1bc91dd1375aa0f1c3ca2ce0395ecdc77a545acfcd5c5cca244230e57b3cad06b7ed70ec416f773c7

    • SSDEEP

      3072:2bKsm0/YwL+NqvT+u8TEaYDSj6krWt+3j4XBps2Q:d30QO+udabGTEw

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks