General

  • Target

    11664516151.zip

  • Size

    101KB

  • Sample

    230829-rrs76afh91

  • MD5

    622f42bea850ba46e5a696871fbb572c

  • SHA1

    8267c432fc2818f7c5eec660de8c715fe1660977

  • SHA256

    f0ae85476748c6cb603be0ee6f2097231f37438307289dc6918660bc99ef095d

  • SHA512

    1072f37bba45b22c44b2e305c02597094350265253a3ac5bd01472fd385523c94c0f94063c4cf41d5cdc665fa06ef2ce77b68753d520620acdb51e901bbe48e0

  • SSDEEP

    3072:8gLbUluhTC/8xYAF9GnYdDOkhEcYrNu46:04hHxXFgYdDUsl

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7244

C2

web.vortex.data.microsoft.com

ocsp.sca1b.amazontrust.com

gstatici.com

Note: the first two hosts are legitimate Microsoft telemetry and Amazon Trust Services OCSP endpoints that Gozi builds list alongside the real C2; they should not be blocked or alerted on by themselves. gstatici.com, a lookalike of Google's gstatic.com, is the actionable indicator. The dns_servers entries below are the resolvers the loader uses instead of the host's configured DNS, which is itself a usable detection point.

Attributes
  • build

    250167

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
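The following is an added example of how a SOC analyst might operationalise the extracted config above; it is not part of the tria.ge report. The config values are copied from the report; the DNS log lines, the corporate resolver address 10.0.0.2, the benign-suffix allowlist and the brand list are constructed assumptions. It separates the legitimate Microsoft/Amazon hosts from the actionable C2, flags the brand lookalike, and then scans a DNS query log for hosts that both resolved the C2 and did so via the config's hard-coded resolvers.

```python
"""Triage a Gozi/ISFB extracted config against DNS query logs.

Added example, not tria.ge code. Config values come from the report;
log lines, resolver addresses and allowlists are constructed here.
"""
import difflib
import ipaddress
import re

# Extracted config, copied from the report above.
CONFIG = {
    "family": "gozi",
    "botnet": "7244",
    "build": "250167",
    "server_id": "12",
    "c2": [
        "web.vortex.data.microsoft.com",
        "ocsp.sca1b.amazontrust.com",
        "gstatici.com",
    ],
    "dns_servers": ["107.174.86.134", "107.175.127.22"],
}

# Assumption: registrable domains of legitimate third-party infrastructure
# (Microsoft telemetry, Amazon Trust Services OCSP). Gozi builds embed such
# hosts next to the real C2; blocking them would break legitimate traffic.
BENIGN_SUFFIXES = ("microsoft.com", "amazontrust.com")

# Assumption: brand domains worth checking for typosquat lookalikes.
BRAND_DOMAINS = ("gstatic.com", "google.com", "microsoft.com")

# Constructed DNS query log: "<ts> <client> <resolver> <qtype> <qname>".
DNS_LOG = """\
2023-08-29T14:02:11Z 10.0.0.15 10.0.0.2 A www.example.com
2023-08-29T14:02:13Z 10.0.0.15 107.174.86.134 A gstatici.com
2023-08-29T14:02:13Z 10.0.0.15 107.174.86.134 A web.vortex.data.microsoft.com
2023-08-29T14:02:20Z 10.0.0.22 10.0.0.2 A ocsp.sca1b.amazontrust.com
2023-08-29T14:03:01Z 10.0.0.15 107.175.127.22 A gstatici.com
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<resolver>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)


def classify_c2(hosts):
    """Split C2 hosts into actionable indicators and benign decoys.

    Also records hosts that are a near-miss of a well-known brand domain.
    Returns {"actionable": [...], "decoy": [...], "lookalike": {host: brand}}.
    """
    out = {"actionable": [], "decoy": [], "lookalike": {}}
    for raw in hosts:
        host = raw.lower().rstrip(".")
        if any(host == s or host.endswith("." + s) for s in BENIGN_SUFFIXES):
            out["decoy"].append(host)
            continue
        out["actionable"].append(host)
        for brand in BRAND_DOMAINS:
            # Ratio of 0.9 catches a one-character insertion in a short domain.
            if host != brand and difflib.SequenceMatcher(None, host, brand).ratio() >= 0.9:
                out["lookalike"][host] = brand
    return out


def scan_dns_log(log_text, config=CONFIG, corp_resolvers=frozenset({"10.0.0.2"})):
    """Return one finding per suspicious log line.

    Reasons: the query went to one of the config's hard-coded resolvers,
    to some other non-corporate resolver, or asked for an actionable C2.
    """
    actionable = set(classify_c2(config["c2"])["actionable"])
    rogue = {str(ipaddress.ip_address(ip)) for ip in config["dns_servers"]}
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        qname = rec["qname"].lower().rstrip(".")
        if rec["resolver"] in rogue:
            findings.append({**rec, "reason": "query_to_gozi_dns_server"})
        elif rec["resolver"] not in corp_resolvers:
            findings.append({**rec, "reason": "query_to_unknown_resolver"})
        if qname in actionable:
            findings.append({**rec, "reason": "query_for_gozi_c2"})
    return findings


def infected_hosts(findings):
    """Clients that both resolved a Gozi C2 and used one of the config's resolvers."""
    by_client = {}
    for f in findings:
        by_client.setdefault(f["client"], set()).add(f["reason"])
    needed = {"query_to_gozi_dns_server", "query_for_gozi_c2"}
    return sorted(c for c, reasons in by_client.items() if needed <= reasons)


if __name__ == "__main__":
    print(classify_c2(CONFIG["c2"]))
    for f in scan_dns_log(DNS_LOG):
        print(f["ts"], f["client"], f["reason"], f["qname"])
    print("infected:", infected_hosts(scan_dns_log(DNS_LOG)))
```

Host 10.0.0.22 resolving the Amazon OCSP responder through the corporate resolver produces no finding, which is the point of the allowlist; 10.0.0.15 is reported because it resolved gstatici.com through 107.174.86.134 and 107.175.127.22, the resolvers baked into this build. The resolver check is the more durable of the two signals: the C2 domain changes between builds, while bypassing corporate DNS is visible regardless of the name queried.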

Targets

    • Target

      6dda626b8ecf2e68f2f57328a0ddfdf4297ec10f7a706574c69387fd9e136e1d

    • Size

      222KB

    • MD5

      751c24642e4d160c3bddd3b007823f7b

    • SHA1

      c8c2b1e3b8ebcb868d80878e6ccfaa50d5f164b5

    • SHA256

      6dda626b8ecf2e68f2f57328a0ddfdf4297ec10f7a706574c69387fd9e136e1d

    • SHA512

      dbced184573f4c78099f8913feab796fa55381315dca9173d572841dae046d7d8afb7fab578c1ca1d85a38236e488944f0b6428787e503551b895f4f877f9e48

    • SSDEEP

      6144:lug7uSfrq53f/naaLgXwVoVXt+3HRzVOf:L3fe53naaLgXw6FIh2

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks