Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1864-2-0x0...ry.exe

windows7-x64

1

1864-2-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1864-2-0x0000000000400000-0x000000000044A000-memory.dmp

  • Size

    296KB

  • Sample

    231011-nykyksfa26

  • MD5

    dacae3d559a8e733ac49f4112a80935d

  • SHA1

    f02c7cffa164c38b34b3bc5b008b403c22420c9b

  • SHA256

    9f66575a92a850ca3fc504ec0483d3a1bd388018ee4eb307bd47e5371206fa1e

  • SHA512

    df3bf24e2f8410ffe72b9a0c53840a086364d2e113a8a9a6d699d3d567ee112fc8808a7805328527af6765ca9b0d3b3d1ba4159669d8c3871dd0ed109a61e0eb

  • SSDEEP

    3072:erPI5jSu1e5RgfA4D3tACX/VIlBuPMVEOqFo67UFMQBzttxq8i7u5s5cTSPTrbp:uu1e5RGJrtAOVAEPUEOq5UqCwyT0TJ

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

netsecurez.com

whofoxy.com

mimemoa.com

ntcgo.com
Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1864-2-0x0000000000400000-0x000000000044A000-memory.dmp

    • Size

      296KB

    • MD5

      dacae3d559a8e733ac49f4112a80935d

    • SHA1

      f02c7cffa164c38b34b3bc5b008b403c22420c9b

    • SHA256

      9f66575a92a850ca3fc504ec0483d3a1bd388018ee4eb307bd47e5371206fa1e

    • SHA512

      df3bf24e2f8410ffe72b9a0c53840a086364d2e113a8a9a6d699d3d567ee112fc8808a7805328527af6765ca9b0d3b3d1ba4159669d8c3871dd0ed109a61e0eb

    • SSDEEP

      3072:erPI5jSu1e5RgfA4D3tACX/VIlBuPMVEOqFo67UFMQBzttxq8i7u5s5cTSPTrbp:uu1e5RGJrtAOVAEPUEOq5UqCwyT0TJ

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks