General

  • Target

    main.php.00_0006ea00.dll

  • Size

    442KB

  • Sample

    240209-cjpgnsec7w

  • MD5

    c661c4659c4ecc91fda3c192226878bf

  • SHA1

    3f120537b9bd8fa0365ae8459d7394502a5ff511

  • SHA256

    730e35f847304e4d4e5a7aec86b1b39c41aecf29d445034439484689e1abff4f

  • SHA512

    963b4b7a5f5554e5606ec544f35a83ec72456c646a7301b3171ab0bf90a8aab3085860f70ee8276885233766bc495c727b2b5d4128b174ef2aa0b41834ece649

  • SSDEEP

    12288:kHlAiJHCwjXvMHk37t4Mv//IfN/YoyL8ozF0nxatQ:kHltJHCkvH/IJvUWxat

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    3500

  • C2

    init.icecreambob.com
    app.updatebrouser.com
    fun.lakeofgold.com

  • Attributes

    build: 250211
    exe_type: loader
    server_id: 580
    rsa_pubkey.plain
    aes.plain
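Turning the indicators above into a local check, as an added example that is not part of the tria.ge report or its tooling: the script carries the three file hashes and the three C2 hostnames from this page, hashes files in chunks so a large sample is not read into memory, and scans whitespace-separated DNS log lines for lookups of those names. It goes slightly beyond the report in one respect, which is an added assumption: the registrable parent domains (icecreambob.com, updatebrouser.com, lakeofgold.com) are also treated as indicators, so a rotated subdomain still fires. The log layout and the log lines are constructed for the demonstration.

```python
"""IOC matching for the Gozi sample described in the report above.

Added example, not part of the tria.ge report. Hashes and C2 hostnames
are copied from the page; the DNS log format and lines are constructed.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_DIGESTS = {
    "md5": "c661c4659c4ecc91fda3c192226878bf",
    "sha1": "3f120537b9bd8fa0365ae8459d7394502a5ff511",
    "sha256": "730e35f847304e4d4e5a7aec86b1b39c41aecf29d445034439484689e1abff4f",
}
IOC_C2_HOSTS = {
    "init.icecreambob.com",
    "app.updatebrouser.com",
    "fun.lakeofgold.com",
}
# Assumption (not stated by the report): the registrable parent domains are
# attacker-controlled too, so any name under them is worth flagging.
IOC_C2_PARENTS = {".".join(h.split(".")[-2:]) for h in IOC_C2_HOSTS}

# Any dotted token; IPs and non-matching names are filtered by host_matches().
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like IOC_DIGESTS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks; same keys as hash_bytes()."""
    hashers = {name: hashlib.new(name) for name in IOC_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_digests(digests: dict) -> set:
    """Return the algorithms whose digest equals the report's value."""
    return {
        name for name, value in digests.items()
        if IOC_DIGESTS.get(name) == value.lower()
    }


def host_matches(hostname: str) -> bool:
    """True for a listed C2 host, a subdomain of one, or any name under a
    C2 parent domain (the parent-domain rule is the assumption above)."""
    h = hostname.lower().rstrip(".")
    for c2 in IOC_C2_HOSTS | IOC_C2_PARENTS:
        if h == c2 or h.endswith("." + c2):
            return True
    return False


def scan_dns_log(lines) -> list:
    """Return (line_index, hostname) for every matching name in the lines.

    Every dotted token on a line is tried, so the exact column layout of the
    log does not matter; timestamps and IPs never match.
    """
    hits = []
    for i, line in enumerate(lines):
        for token in HOST_RE.findall(line.lower()):
            if host_matches(token):
                hits.append((i, token))
    return hits


# Constructed sample log lines (not from the report):
# "timestamp client query type name".
SAMPLE_DNS_LOG = [
    "2024-02-09T12:00:01Z 10.0.0.5 query A www.example.com",
    "2024-02-09T12:00:04Z 10.0.0.7 query A init.icecreambob.com",
    "2024-02-09T12:00:09Z 10.0.0.7 query A app.updatebrouser.com",
    "2024-02-09T12:00:15Z 10.0.0.9 query A cdn.lakeofgold.com.",
    "2024-02-09T12:00:20Z 10.0.0.9 query A notlakeofgold.com",
]

if __name__ == "__main__":
    for idx, host in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"C2 lookup on log line {idx}: {host}")
    print("digests of an empty file:", hash_bytes(b""))
```

The parent-domain rule is deliberately stricter than the report's exact hostnames: "cdn.lakeofgold.com" fires while "notlakeofgold.com" does not, because the suffix test requires a dot boundary. Tighten it back to IOC_C2_HOSTS only if the parent zones turn out to host legitimate names.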

Targets

    • Target

      main.php.00_0006ea00.dll

    • Size

      442KB

    • MD5

      c661c4659c4ecc91fda3c192226878bf

    • SHA1

      3f120537b9bd8fa0365ae8459d7394502a5ff511

    • SHA256

      730e35f847304e4d4e5a7aec86b1b39c41aecf29d445034439484689e1abff4f

    • SHA512

      963b4b7a5f5554e5606ec544f35a83ec72456c646a7301b3171ab0bf90a8aab3085860f70ee8276885233766bc495c727b2b5d4128b174ef2aa0b41834ece649

    • SSDEEP

      12288:kHlAiJHCwjXvMHk37t4Mv//IfN/YoyL8ozF0nxatQ:kHltJHCkvH/IJvUWxat

    • Gozi

      Gozi (also tracked as Ursnif and ISFB) is a well-known and widely distributed banking trojan. The extracted configuration above identifies this sample as a loader build (exe_type loader, build 250211) for botnet 3500 that reports to three C2 hostnames.
