Resubmissions

  • 14/02/2024, 11:13: 240214-nbyadshg39 (score 10)
  • 09/02/2024, 03:05: 240209-dk69jsfa6t (score 10)

General

  • Target: eb5218ce153db41158bdf7700ae8a51e415a418bb63896b3a7138ad49b520598.8cd6_9a00.dll
  • Size: 38KB
  • Sample: 240209-dk69jsfa6t
  • MD5: 7bb8b5974a947f223ae2b9517a5641d0
  • SHA1: 3dd551351bb7a15a9bb3b3b09611b4b9704e4e91
  • SHA256: 8bf69fe9bf7e1da499c6b18681b836b3dbf31c1ceb304009354217e95bf11999
  • SHA512: bcddd4038c0482bc9bf6f1aaa7f6ae1505ad89738c421737cb07e3f5df04677745bed96c46601ac7658e989975030825ab4bcd6637e736ae61870b310a97b914
  • SSDEEP: 768:Gn9UckpReivxim+Ky3Yr4YWtaoOGIHnef+Y0cQCKScVsy:CYzFi/IrUQo8HzScz

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 3500
  • C2:
      init.icecreambob.com
      app.updatebrouser.com
      fun.lakeofgold.com
  • Attributes:
      • build: 250211
      • exe_type: loader
      • server_id: 580
  • rsa_pubkey.plain
  • aes.plain

Targets

  • Target: eb5218ce153db41158bdf7700ae8a51e415a418bb63896b3a7138ad49b520598.8cd6_9a00.dll
  • Size: 38KB
  • MD5: 7bb8b5974a947f223ae2b9517a5641d0
  • SHA1: 3dd551351bb7a15a9bb3b3b09611b4b9704e4e91
  • SHA256: 8bf69fe9bf7e1da499c6b18681b836b3dbf31c1ceb304009354217e95bf11999
  • SHA512: bcddd4038c0482bc9bf6f1aaa7f6ae1505ad89738c421737cb07e3f5df04677745bed96c46601ac7658e989975030825ab4bcd6637e736ae61870b310a97b914
  • SSDEEP: 768:Gn9UckpReivxim+Ky3Yr4YWtaoOGIHnef+Y0cQCKScVsy:CYzFi/IrUQo8HzScz
  • Gozi: Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks