Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Electron.exe

  • Size

    4.0MB

  • Sample

    231105-z46b9aee94

  • MD5

    5aad6da9eb1e06fb7a249afc9f4927a8

  • SHA1

    c603222e26d5f43a1b5f6fc5347f44ca52df0a58

  • SHA256

    83394afef201b339640f94c5d7a054be01a94852edda1efb154de52cd49203e8

  • SHA512

    2b997dea2fffc33720bb400d46d3c41549be4481c6dc0e7016a657bab01cf1b4cf35419ea421231c787ea8e3379b97725ac0766575b51b13f723cf21ec302de8

  • SSDEEP

    98304:CibxzWoWCzGKFeRWCcqnfN7WSxP1l/RcblYTT4ROHiq1mOc9d8:Cibx/WWFCjJWblw4ROCq10

Malware Config

Extracted

Family

gozi

Targets

    • Target

      Electron.exe

    • Size

      4.0MB

    • MD5

      5aad6da9eb1e06fb7a249afc9f4927a8

    • SHA1

      c603222e26d5f43a1b5f6fc5347f44ca52df0a58

    • SHA256

      83394afef201b339640f94c5d7a054be01a94852edda1efb154de52cd49203e8

    • SHA512

      2b997dea2fffc33720bb400d46d3c41549be4481c6dc0e7016a657bab01cf1b4cf35419ea421231c787ea8e3379b97725ac0766575b51b13f723cf21ec302de8

    • SSDEEP

      98304:CibxzWoWCzGKFeRWCcqnfN7WSxP1l/RcblYTT4ROHiq1mOc9d8:Cibx/WWFCjJWblw4ROCq10

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks