General

  • Target

    applehook_temp.exe

  • Size

    4.8MB

  • Sample

    240210-nrd7fsde86

  • MD5

    8df3fe7e08d0ff040065c59b0eaf4235

  • SHA1

    53820be352920258110ae5f20fb2e6abe1361f99

  • SHA256

    ae21ba5180792c82ca62a790eb46de8d521e95bf5c8fe79d7db8d4593fca32db

  • SHA512

    72561ba8d7e6684ba67912edf3614950bd5c4eeaa7d0aded5f3a3103b89271e4d89e9a2e5e90f5a590768499d1b14d2382135183cccc7ec9aff64994e887a962

  • SSDEEP

    98304:Gl77m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6KtHw:OW+y4ihkl/Wo/afHPj

Malware Config

Extracted

Family

gozi

Targets

    • Target

      applehook_temp.exe

    • Size

      4.8MB

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks