General

  • Target

    9478e610c7af99d5cabb5ff4589ede43

  • Size

    222KB

  • MD5

    9478e610c7af99d5cabb5ff4589ede43

  • SHA1

    c30f88514021d4c61cec75d59b450fac3bc25aff

  • SHA256

    f36fe743d7ebb3eecbbbae719168a323c6430248d1dfd94525d571ebb499d906

  • SHA512

    6a88ae76f4ea630087e27a9ba87b67fa87c03a7a61bc38cf69afe8dccedf6b93426dbd6072a20b605157f4f72592ee972668e5f121f2bf9c03efb5bfba9dab55

  • SSDEEP

    6144:cHExb7VwvtKNbnvSxYNiyf+D3Luvy5JH:pxb5wvtKRvSxY0G+D7uv0

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1518

C2

ctl3dl1.windowsupdate.com

o22jqq.xyz

rv6akz.xyz

sq5av6.xyz

Attributes
  • base_path

    /images/

  • dga_season

    10

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    worker

  • extension

    .avi

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 9478e610c7af99d5cabb5ff4589ede43
    .dll windows:5 windows x64 arch:x64

    a2bba8f9bc87dc77d912b0ff63f31a67

