General

  • Target: cb0be58d4aae844af1205b945dbde560N
  • Size: 163KB
  • Sample: 240907-2h6f8s1gpe
  • MD5: cb0be58d4aae844af1205b945dbde560
  • SHA1: d70208e26c03f3da030e5edc333acc0f243faafb
  • SHA256: efffcdc792ea9225dab82ab47a018714fa46c8983cb1fb494322b665bf853190
  • SHA512: b0f746d3a6dc4f4ec394383305892996fef25b03b427940b15f59cb5421e1ead0aa457166ca93775f000e9269b207f4353c03b516024bac18c017ab3d640878a
  • SSDEEP: 3072:3cir1k7DWIWGAL1FEx+ltOrWKDBr+yJb:/mOeALDu+LOf

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks