General

  • Target

    7ecc80aeb3eeb8c263891f2bb4fc1a14

  • Size

    234KB

  • Sample

    240129-ebt4ashce9

  • MD5

    7ecc80aeb3eeb8c263891f2bb4fc1a14

  • SHA1

    48f5d693c3fae2ba3f211cc84179b4b18060affb

  • SHA256

    68e8aea355c8a25013061236f02f704b1c24afc677e805a8ade1289aead50202

  • SHA512

    80c99e48ffbb95e2505d42dfd175956fd49192f27e174cefc278dbceda57d9baa4772ce5c471befe1388cf99627b9f42abf186a806cfca4968274000c6d2b129

  • SSDEEP

    3072:h73L0WE+9HEb9mMhLTaWTuNua4VRTaH3QJZn7A1dnaSXPvumBryi9KQ5KSAsK87a:h3LxNgPhLTqr4f2HgJR72Z/vxB39L+r

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes
  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Target

      7ecc80aeb3eeb8c263891f2bb4fc1a14

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
