General

  • Target

    885a758e713f91ca3216d0b726e3b493

  • Size

    472KB

  • Sample

    240202-daa4csedhr

  • MD5

    885a758e713f91ca3216d0b726e3b493

  • SHA1

    876ec414bb4a63a4328d4c7ea31b9f580f3e0c27

  • SHA256

    9f2b68ee511baea3f0418a75bc47d05957a5706125fe7bfa6d8cd425bd1c1cfc

  • SHA512

    82c60c7ef252d55f4cb57460aab53df26c5d2188f20f810dd14c3aaed58b1fc8c02d0e6f0b5baf0798a538a65c3457e3c939de18ba745a35e2919b7e2f159540

  • SSDEEP

    12288:u8T8E11FE68XEDGXZ9YG8nxub/vkfzJtCcZh:j11m/XJZv8y/cbZ

Malware Config

Extracted

Family

gozi

Botnet

3500

C2

gtr.antoinfer.com

f1.bablefiler.at

Attributes
  • build

    250211

  • exe_type

    loader

  • server_id

    580

rsa_pubkey.plain
aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
