General

  • Target

    987fef059b1de2791ae99876c864d26b

  • Size

    715KB

  • Sample

    240213-fbd8hscf38

  • MD5

    987fef059b1de2791ae99876c864d26b

  • SHA1

    a9aeeb4edfdfd086a91212d534f1a107fccc16ce

  • SHA256

    56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b

  • SHA512

    441c547882691bcec7d91d30b6a0359083baef1a8a536bad060f64e79db4735e7f833c662b47839549aa3c4d4b11ea92700baeb7751d93052907b2a8b3b1ef14

  • SSDEEP

    12288:pK3D4laYy90hc/HY+4bgfRXIAeDGFu1ksh4HA6fgsLLkpztariSOL9RTxmTmKAU:AVYy5/B5XIAeqFumsh4g6ZLLkTa3OL9C
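The identifiers above are the report's own values. What follows is an added example, not tria.ge code, showing how an analyst can sanity-check those fields before trusting them: it validates the hex digests, parses the ssdeep signature into its `blocksize:chunk1:chunk2` parts, checks that the block size is consistent with the reported file size (ssdeep starts from the smallest 3·2^n with blocksize·64 ≥ file size and may only ever lower it), and hashes a local copy of the sample against the report. The size `715 * 1024` is my approximation of the report's "715KB"; the stand-in bytes in the test are constructed, not the sample.

```python
import hashlib
import re

# Hash fields copied from the report above. The size is only given as "715KB",
# so 715 * 1024 is an approximation used for the block-size sanity check.
REPORT = {
    "size_bytes": 715 * 1024,
    "md5": "987fef059b1de2791ae99876c864d26b",
    "sha1": "a9aeeb4edfdfd086a91212d534f1a107fccc16ce",
    "sha256": "56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b",
    "sha512": "441c547882691bcec7d91d30b6a0359083baef1a8a536bad060f64e79db4735e7f833c662b47839549aa3c4d4b11ea92700baeb7751d93052907b2a8b3b1ef14",
    "ssdeep": "12288:pK3D4laYy90hc/HY+4bgfRXIAeDGFu1ksh4HA6fgsLLkpztariSOL9RTxmTmKAU:AVYy5/B5XIAeqFumsh4g6ZLLkTa3OL9C",
}

DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
SPAMSUM_LENGTH = 64            # ssdeep's maximum first-chunk length
_HEX = re.compile(r"[0-9a-f]+")
_SSDEEP = re.compile(r"^(\d+):([A-Za-z0-9/+]{0,64}):([A-Za-z0-9/+]{0,32})$")


def malformed_digests(report):
    """Names of digest fields that are not lowercase hex of the expected length."""
    return [n for n, length in DIGEST_HEX_LEN.items()
            if len(report[n]) != length or not _HEX.fullmatch(report[n])]


def mismatched_digests(data, report):
    """Hash a local copy of the sample and list every digest that differs from the report."""
    return [n for n in DIGEST_HEX_LEN
            if hashlib.new(n, data).hexdigest() != report[n]]


def parse_ssdeep(sig):
    """Split 'blocksize:chunk1:chunk2' and check blocksize is 3*2^n as ssdeep requires."""
    m = _SSDEEP.match(sig)
    if not m:
        raise ValueError("malformed ssdeep signature: %r" % sig)
    block = int(m.group(1))
    n = block // 3
    if block % 3 or n == 0 or n & (n - 1):
        raise ValueError("ssdeep block size must be 3*2^n, got %d" % block)
    return block, m.group(2), m.group(3)


def initial_blocksize(size_bytes):
    """Block size ssdeep starts from: the smallest 3*2^n with blocksize*64 >= file size.
    ssdeep may afterwards halve it when the first chunk comes out shorter than 32
    characters, so a report's block size can be lower than this, never higher."""
    b = 3
    while b * SPAMSUM_LENGTH < size_bytes:
        b *= 2
    return b


def ssdeep_matches_size(report):
    """True when the ssdeep block size is consistent with the reported file size."""
    block, _, _ = parse_ssdeep(report["ssdeep"])
    return block <= initial_blocksize(report["size_bytes"])


if __name__ == "__main__":
    print("malformed:", malformed_digests(REPORT))
    print("ssdeep:", parse_ssdeep(REPORT["ssdeep"]))
    print("expected block size:", initial_blocksize(REPORT["size_bytes"]))
    print("size-consistent:", ssdeep_matches_size(REPORT))
```

A block size far below `initial_blocksize` for the stated size usually means the size or the signature was copied from a different file; a mismatch from `mismatched_digests` on a downloaded copy means you are not looking at the analysed sample at all.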

Malware Config

Extracted

Family

gozi

Targets

    • Target

      987fef059b1de2791ae99876c864d26b

    • Size

      715KB

    • MD5

      987fef059b1de2791ae99876c864d26b

    • SHA1

      a9aeeb4edfdfd086a91212d534f1a107fccc16ce

    • SHA256

      56ed446dbc6513c68a357fdac55eaffd9ce6463256f5c3bcc0455a571c9f614b

    • SHA512

      441c547882691bcec7d91d30b6a0359083baef1a8a536bad060f64e79db4735e7f833c662b47839549aa3c4d4b11ea92700baeb7751d93052907b2a8b3b1ef14

    • SSDEEP

      12288:pK3D4laYy90hc/HY+4bgfRXIAeDGFu1ksh4HA6fgsLLkpztariSOL9RTxmTmKAU:AVYy5/B5XIAeqFumsh4g6ZLLkTa3OL9C

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
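The signature names above are the report's; the rule logic behind them is not shown on the page. As an added example that is not tria.ge's detection code, here is one way to express those same signatures as rules and run them over a constructed event trace (field names loosely modelled on Sysmon/procmon records; every event, pid and path in `SAMPLE_EVENTS` is made up). The FileZilla (`sitemanager.xml`, `recentservers.xml`), Chromium (`Login Data`, `Web Data`, `Cookies`), Firefox (`logins.json`, `key4.db`), Pidgin (`.purple\accounts.xml`) and Telegram Desktop (`tdata`) locations are those clients' real storage paths; the ATT&CK technique IDs are my own mapping and not the report's. The "dropped EXE/DLL" rules show why some signatures need state: a path only counts as dropped if the sample itself wrote it earlier in the trace.

```python
import re
from collections import defaultdict

# Constructed event trace (not from the report): one sandbox run, fields loosely
# modelled on Sysmon/procmon records. pid 4120 is the sample, 5336 a child process.
SAMPLE_EVENTS = [
    {"pid": 4120, "op": "FileCreate",
     "path": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"pid": 4120, "op": "ProcessCreate",
     "path": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"pid": 4120, "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 4120, "op": "ReadFile",
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "op": "ReadFile",
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "op": "ReadFile",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "op": "ReadFile",
     "path": r"C:\Users\victim\AppData\Roaming\.purple\accounts.xml"},
    {"pid": 4120, "op": "ApiCall", "api": "SetThreadContext", "target_pid": 5336},
    {"pid": 4120, "op": "ReadFile", "path": r"C:\Windows\System32\kernel32.dll"},  # benign
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Real on-disk locations of the clients named in the report; compared lower-cased.
FTP_CONFIGS = (r"\filezilla\sitemanager.xml", r"\filezilla\recentservers.xml")
BROWSER_DATA = (r"\user data\default\login data", r"\user data\default\web data",
                r"\user data\default\cookies", r"\logins.json", r"\key4.db")
MESSENGER_DATA = (r"\.purple\accounts.xml", r"\telegram desktop\tdata")


def _path(ev):
    return ev.get("path", "").lower()


# Stateless rules: (report signature name, ATT&CK technique (my mapping), predicate)
RULES = [
    ("Adds Run key to start application", "T1547.001",
     lambda ev: ev["op"] == "RegSetValue" and RUN_KEY.search(ev["path"]) is not None),
    ("Reads data files stored by FTP clients", "T1552.001",
     lambda ev: ev["op"] == "ReadFile" and _path(ev).endswith(FTP_CONFIGS)),
    ("Reads user/profile data of web browsers", "T1555.003",
     lambda ev: ev["op"] == "ReadFile" and _path(ev).endswith(BROWSER_DATA)),
    ("Reads local data of messenger clients", "T1005",
     lambda ev: ev["op"] == "ReadFile" and any(m in _path(ev) for m in MESSENGER_DATA)),
    # SetThreadContext on another process's thread is the classic process-hollowing step.
    ("Suspicious use of SetThreadContext", "T1055.012",
     lambda ev: ev["op"] == "ApiCall" and ev.get("api") == "SetThreadContext"
     and ev.get("target_pid") != ev["pid"]),
]


def match_signatures(events):
    """Return {(signature, technique_or_None): [event indices]} for one run."""
    hits = defaultdict(list)
    dropped = set()  # paths the sample itself wrote; needed by the stateful rules
    for i, ev in enumerate(events):
        if ev["op"] == "FileCreate":
            dropped.add(_path(ev))
            continue
        if ev["op"] == "ProcessCreate" and _path(ev) in dropped:
            hits[("Executes dropped EXE", None)].append(i)
        if ev["op"] == "LoadImage" and _path(ev) in dropped:
            hits[("Loads dropped DLL", None)].append(i)
        for name, technique, pred in RULES:
            if pred(ev):
                hits[(name, technique)].append(i)
    return dict(hits)


def techniques(events):
    """Sorted ATT&CK technique IDs observed, the way a report's ATT&CK tab summarises them."""
    return sorted({t for _, t in match_signatures(events) if t})


if __name__ == "__main__":
    for (name, technique), idx in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name} [{technique or '-'}]: events {idx}")
    print("techniques:", techniques(SAMPLE_EVENTS))
```

The benign `kernel32.dll` read is there to show the rules key on specific credential-store paths rather than on file reads in general; in a real trace the noise-to-signal ratio is far worse, and the Run-key and SetThreadContext rules are the two that survive as host detections outside a sandbox.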

MITRE ATT&CK Enterprise v15

Tasks