Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

94411f0873...in.exe

windows7-x64

3

94411f0873...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe

  • Size

    38KB

  • Sample

    240529-arrkwsaf7x

  • MD5

    7732d02d81d8c0b5b22cd6eab1b754f6

  • SHA1

    490743abb712f9875b9146e398a9e1b85ec84438

  • SHA256

    5a71b92d9d691754a5ff056b7d4aa819e26f2e55485d17623c5be00e431d91f8

  • SHA512

    d6e657d4824a4d79e771c3ec20006a216c4e25b47c2d9cdf230bc71973fd7fb0ec965aac8568f226d59d55dfe5705866b3f6e6b9e7d5d872afe15b2a96a77f19

  • SSDEEP

    768:3yyQXfpwh0ZOds/5EXv2C54NbptaDL0grngoZHYgXLBYfUV:3y9fpvZOdsx2v2+4b/aDLDrnpYgXLKf

Score
10/10
gozi4780bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214084

Extracted

Family

gozi

Botnet

4780

C2

microsoft.com

avast.com
Attributes
  • build

    214084

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
1
-----BEGIN PUBLIC KEY-----
2
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMyCog/Dbnx1yxJdTD14c4IPZikKp5M8
3
X0DXBdejAdKK00qCyQHqy1d+O+vihGBOI8C48MIR1x3yJutq3qq387cCAwEAAQ==
4
-----END PUBLIC KEY-----
serpent.plain
1
10291029JSJUYUON

Targets

    • Target

      94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe

    • Size

      38KB

    • MD5

      7732d02d81d8c0b5b22cd6eab1b754f6

    • SHA1

      490743abb712f9875b9146e398a9e1b85ec84438

    • SHA256

      5a71b92d9d691754a5ff056b7d4aa819e26f2e55485d17623c5be00e431d91f8

    • SHA512

      d6e657d4824a4d79e771c3ec20006a216c4e25b47c2d9cdf230bc71973fd7fb0ec965aac8568f226d59d55dfe5705866b3f6e6b9e7d5d872afe15b2a96a77f19

    • SSDEEP

      768:3yyQXfpwh0ZOds/5EXv2C54NbptaDL0grngoZHYgXLBYfUV:3y9fpvZOdsx2v2+4b/aDLDrnpYgXLKf

    Score
    10/10
    gozi4780bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.