General

  • Target

    7ceca82e51c65027b9f5898bc20f9cc7

  • Size

    272KB

  • Sample

    240128-mw29eahah6

  • MD5

    7ceca82e51c65027b9f5898bc20f9cc7

  • SHA1

    c547998124f9baf51aac77f878d63975516f3625

  • SHA256

    305b4d78909b1c91af81359cf9eadb3ebb286cbd0539bf20189c98af65509242

  • SHA512

    749b07c4f4881f4a2d08ccc00cb343a44303fe1b5b72b2a440fcc91c9f63f373e166a268445f2f4729e91ab3b9e8f75d59cfb1e47a51dd1d2ed4bab619f3f0b8

  • SSDEEP

    6144:Occ9NHV+aVVxiPMFSyVhcOhk5ju147FwPp3mZVG8ws:m9ZV+avxiPMaOW5wPl0w

Malware Config

Extracted

Family

gozi

Botnet

4474

C2

yahoo.com

tumolerunosell.website

pumolerunosell.website

Attributes

  • base_path

    /jdraw/

  • build

    250206

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • extension

    .crw

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks