
General

  • Target: 8859b59926b349b4944c849a7eaa27d2
  • Size: 784KB
  • Sample: 240202-c9lhpsedfp
  • MD5: 8859b59926b349b4944c849a7eaa27d2
  • SHA1: 45691eb06d8776cd4698bcab1e7149c8f4d55849
  • SHA256: 3cdf7414c576a253dca4601fae110a28d759b068a01798dafd65ba78d63d6912
  • SHA512: c4a039bf297e6f64a4d018961181e2841674f3f9c27a5edd7661864a881ad682a2f7dcd8c5c1f7f800bfda0b131e6d5baa2df84d6304158f6156d43efc316a91
  • SSDEEP: 12288:dyoc80Q6qZdh7VXJjM1f72/CSX+RzSvlJL0YODDHvUcW9Zpx/YgIr:dO856q/XmFw5JQY+DLQDFR

Malware Config

  • Extracted
    Family: gozi

Targets

    • Target: 8859b59926b349b4944c849a7eaa27d2 (784KB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General above)

    • Gozi
      Gozi is a well-known and widely distributed banking trojan.

    • xmrig
      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file
      Detects executables packed with the open-source UPX packer or with modified UPX builds.
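The "UPX packed file" signature above is a static check on PE structure rather than on behaviour. The following Python is an added example, not tria.ge's detector and not code from this report: it parses the PE section table by hand and applies three indicators in the order a practitioner would trust them: UPX-named sections, the "UPX!" marker string in the header region, and a first section with a virtual size but zero raw size (the unpacking destination), which is the layout that survives when a modified UPX build renames its sections and strips the marker. The function names, the 0x1000 marker search window and the three minimal PE images are my own assumptions, constructed inline so the block runs offline.

```python
"""Static UPX / modified-UPX indicators read from a PE section table.

Added example. The helper names, the marker search window and the three
constructed PE images below are assumptions, not tria.ge's signature logic.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int


def parse_sections(data: bytes) -> list[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    off = coff + 20 + opt_size          # the section table follows the optional header
    sections = []
    for _ in range(n_sections):
        raw = data[off:off + 40]        # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 40:
            raise ValueError("truncated section table")
        name = raw[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", raw, 8)
        chars = struct.unpack_from("<I", raw, 36)[0]
        sections.append(Section(name, vsize, vaddr, rsize, rptr, chars))
        off += 40
    return sections


def upx_indicators(data: bytes) -> dict:
    secs = parse_sections(data)
    return {
        # stock UPX names its sections UPX0/UPX1 (plus .rsrc)
        "upx_section_names": [s.name for s in secs if s.name.upper().startswith("UPX")],
        # stock UPX leaves an "UPX!" marker in the header region after the section table
        "upx_marker": b"UPX!" in data[:0x1000],
        # the unpacking destination: a first section with virtual size but no raw data;
        # this layout survives when a modified build renames sections and strips the marker
        "empty_first_section": bool(secs) and secs[0].raw_size == 0 and secs[0].virtual_size > 0,
    }


def classify(data: bytes) -> str:
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_marker"]:
        return "upx"
    if ind["empty_first_section"]:
        return "upx-like"   # modified UPX is one explanation; other packers share this layout
    return "unpacked"


def build_pe(sections: list[tuple[bytes, int, int]], trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image: only the fields the parser reads are meaningful."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytes(0xE0)                                        # zeroed optional header
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, 0xE0000020)
        for name, vsize, rsize in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + table + trailer


# constructed sample images (not real malware, not derived from the sample above)
STOCK_UPX = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0xC000, 0xB800), (b".rsrc", 0x1000, 0x800)],
                     trailer=b"UPX!" + bytes(28))
MODIFIED_UPX = build_pe([(b".text", 0x20000, 0), (b".data", 0xC000, 0xB800), (b".rsrc", 0x1000, 0x800)])
CLEAN = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x200), (b".rsrc", 0x1000, 0x800)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("modified", MODIFIED_UPX), ("clean", CLEAN)):
        print(label, classify(img), upx_indicators(img))
```

The "upx-like" verdict is deliberately weaker than "upx": a zero-raw-size first section is shared by other packers and by some hand-built loaders, so on its own it is a triage lead, not a UPX identification. Verifying the hashes above (MD5/SHA1/SHA256/SHA512) before running any such check is the usual first step, since the section table of a wrong or corrupted download tells you nothing about the sample.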
