
General

  • Target: aa0b12611c9a7b964486437f3914be10N
  • Size: 163KB
  • Sample: 240908-adrnqsshjp
  • MD5: aa0b12611c9a7b964486437f3914be10
  • SHA1: 29e30867a8110738d5b87b013281b45f7580a7ba
  • SHA256: 94a7200eeacdd9938e356bf0e5b21f0a9773b4566b51877052d6bae911cc1c0e
  • SHA512: f9a0a2c3aa21d8eec14b7ed7e7c939a4f4ae992fd7b944daf91ccfa39df13fa516fcd619a6b11ed1697679d10ad011460e473ad9067ced7b370b58d9d00c66c5
  • SSDEEP: 1536:PPUvUhgyTN+/V9c4p39y8agC8lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:XhhgFbpNy8ap8ltOrWKDBr+yJb

Malware Config

Extracted

Family: gozi

Targets

    • Target: aa0b12611c9a7b964486437f3914be10N


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks