Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    dfca89ecd792f95f408b8ca7980e9070N.exe

  • Size

    163KB

  • Sample

    240725-thjcpsygql

  • MD5

    dfca89ecd792f95f408b8ca7980e9070

  • SHA1

    2655bc6b4c0a395191d061790ebe2c10359162b1

  • SHA256

    ed9b8489ff343575b1322549555a0a5228c811378a6926ad928c159626619abf

  • SHA512

    3b74415ec6c392c689dce754df3efe3469291d6af59a635006ef68045e9e3f5cc54b05ad2c7da54ff103423675749fe9733e7556da1c411b89d9912a0e7a9bbf

  • SSDEEP

    1536:P53VezWf0kb+5LccoVflProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:mzWfMvAfltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      dfca89ecd792f95f408b8ca7980e9070N.exe

    • Size

      163KB

    • MD5

      dfca89ecd792f95f408b8ca7980e9070

    • SHA1

      2655bc6b4c0a395191d061790ebe2c10359162b1

    • SHA256

      ed9b8489ff343575b1322549555a0a5228c811378a6926ad928c159626619abf

    • SHA512

      3b74415ec6c392c689dce754df3efe3469291d6af59a635006ef68045e9e3f5cc54b05ad2c7da54ff103423675749fe9733e7556da1c411b89d9912a0e7a9bbf

    • SSDEEP

      1536:P53VezWf0kb+5LccoVflProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:mzWfMvAfltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks