General

  • Target: 597.exe
  • Size: 168KB
  • Sample: 230322-j8cbzaff93
  • MD5: 333307be6be7318cb48745cc820d3896
  • SHA1: 29d8cb35e45f5abebf3efc4b9ac40bf6fa3149ff
  • SHA256: db6b418471d5ae8b92df0d0ca50fe0f2a4b4e7e8b57700c28309bbbe1826aadb
  • SHA512: c23261cae613816327d2eba77be015847314407685ed8237b185b98ec4f3b8c3c08175f5d7b3d742882a8a8dd2b3073600b57417657c6025020cabb04d75bfaf
  • SSDEEP: 3072:+kiRly3qgNnroGXfEMAJ8nu3Jm3Xdi8fmhm61tap3i1o2s:Gl5gtfE1JrU3XkW4mJi1xs

Malware Config

Extracted

  • Family: gozi
  • Attributes
      • build: 217173

Extracted

  • Family: gozi
  • Botnet: 3316
  • C2
      • hbritneyyi.com
      • c55wccayla.info
      • vdorrisacleo.xyz
  • Attributes
      • build: 217173
      • dga_base_url: constitution.org/usdeclar.txt
      • dga_crc: 0x4eb7d2ca
      • dga_season: 10
      • dga_tlds
          • com
          • ru
          • org
      • exe_type: loader
      • server_id: 12
      • rsa_pubkey.plain
      • serpent.plain

Targets

    • Target: Device/HarddiskVolume4/Data/CTXProfiles/mtribenga/UPM_Profile/597.exe
    • Size: 520KB
    • MD5: b32e9684b7b980d5e701f5d691e3db31
    • SHA1: 90eba241c5ec0ac472b180840f423a887401337c
    • SHA256: f3f6b15265480c52e302f9f0b31ad6cc9051c16d16f1204bf78866e53c395896
    • SHA512: 8479ba8ada4c3d8b151fcd8395782ab5782df33dc76fc2e5bdd711842ad81242fed15f47110ae586124ac2530a1e926861f9f57487c7daf58e856874e0d33fc2
    • SSDEEP: 6144:DAVTFjFS3Q6fYnZy0EVHYNeSgTwl0lJgJ9vcl9CK:DEIQTZvs4NGT7goGK
    • Gozi: Gozi is a well-known and widely distributed banking trojan.
