Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7683cef6ecb5ad726f15c53143c1f2e0N.exe

  • Size

    163KB

  • Sample

    240906-eg3mmavgmc

  • MD5

    7683cef6ecb5ad726f15c53143c1f2e0

  • SHA1

    5915fdb38628715046f5fb60781edadb0996a1e2

  • SHA256

    c3f8383d75c9393c71a18763eb77fdd18675b1c8d7fa7e16bb8c898d907d39dd

  • SHA512

    6b71d4fd3cc7eaed42c74e9f0818be65538eb7ef6049b4f8b7a51fa5aed623359c4ba81d30f5fae8ac37e2a93795144cc11bda0c184faeb76fe43e8aca1a5b11

  • SSDEEP

    1536:PD3RQqMxC4F2/9vnYzyOl16WlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:fMxC4F2/azyOlQWltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      7683cef6ecb5ad726f15c53143c1f2e0N.exe

    • Size

      163KB

    • MD5

      7683cef6ecb5ad726f15c53143c1f2e0

    • SHA1

      5915fdb38628715046f5fb60781edadb0996a1e2

    • SHA256

      c3f8383d75c9393c71a18763eb77fdd18675b1c8d7fa7e16bb8c898d907d39dd

    • SHA512

      6b71d4fd3cc7eaed42c74e9f0818be65538eb7ef6049b4f8b7a51fa5aed623359c4ba81d30f5fae8ac37e2a93795144cc11bda0c184faeb76fe43e8aca1a5b11

    • SSDEEP

      1536:PD3RQqMxC4F2/9vnYzyOl16WlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:fMxC4F2/azyOlQWltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks