General

  • Target

    69a526549b9c4d4ae50c346af0185ae0N

  • Size

    163KB

  • Sample

    240908-c31daazfmq

  • MD5

    69a526549b9c4d4ae50c346af0185ae0

  • SHA1

    ed813e351c6a18995db2a494aa1e5bb4b916c666

  • SHA256

    3b07777beee7e4159778bd5e2dc4d151a95922c26118cefe16145c3dc885786e

  • SHA512

    2dd1031b0e6c99c3aff6e47c9473749c2a7e7bff6efbc6215cd8381b2c03f53056c142b8b4b583c9f210dc242c2c36bc318abfedd0eb995d7ecb7d0ed75b0249

  • SSDEEP

    3072:cV5RdkEPl6UqtI0uNjLPIltOrWKDBr+yJb:cXRdkE9pgQ/ILOf
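The hash fields above are the report's file-identity IOCs. The following is an added example (not tria.ge code) that recomputes all four digests for a file or byte blob and compares them against the values listed in this report, streaming from disk so a large file is not read into memory; the directory-scan helper and the constructed test blob are this example's own additions. SSDEEP is omitted because it needs the external ssdeep library and is a fuzzy match, not an identity check.

```python
import hashlib
from pathlib import Path

# Digests exactly as listed in the report above.
REPORT_HASHES = {
    "md5": "69a526549b9c4d4ae50c346af0185ae0",
    "sha1": "ed813e351c6a18995db2a494aa1e5bb4b916c666",
    "sha256": "3b07777beee7e4159778bd5e2dc4d151a95922c26118cefe16145c3dc885786e",
    "sha512": "2dd1031b0e6c99c3aff6e47c9473749c2a7e7bff6efbc6215cd8381b2c03f530"
              "56c142b8b4b583c9f210dc242c2c36bc318abfedd0eb995d7ecb7d0ed75b0249",
}


def digest_bytes(data):
    """Compute the four digests the report lists for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def digest_file(path, chunk_size=1 << 20):
    """Same digests, streamed from disk so large files are not loaded whole."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare(digests, expected=REPORT_HASHES):
    """Per-algorithm verdicts; any single mismatch means a different file."""
    return {algo: digests[algo] == expected[algo].lower() for algo in expected}


def is_reported_sample(digests, expected=REPORT_HASHES):
    """True only when every listed digest matches."""
    return all(compare(digests, expected).values())


def scan_directory(root, expected=REPORT_HASHES):
    """Return paths under root whose digests match the reported sample.
    Hypothetical helper for this example; not part of the report."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and is_reported_sample(digest_file(p), expected):
            hits.append(str(p))
    return hits


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(arg, compare(digest_file(arg)))
```

Run it as `python iocs.py <file>` to see a per-algorithm verdict; a partial match (for example MD5 only) should be treated as a different file, since the report lists all four digests for the same bytes.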

Malware Config

Extracted

Family

gozi

Targets

    • Target

      69a526549b9c4d4ae50c346af0185ae0N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
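The four behavioural signatures above (autorun key, dropped EXE executed, dropped DLL loaded, file dropped into System32) are the kind of thing an analyst re-derives from endpoint telemetry. The following is an added example, not tria.ge's signature code, that runs equivalent detection logic over constructed Sysmon-style records (event 1 process create, 7 image load, 11 file create, 13 registry value set, flattened to `id|field|field` lines for this example). The exact registry key behind the Explorer autorun signature is not stated in the report; treating `Policies\Explorer\Run` together with the classic `Run`/`RunOnce` keys as the autorun locations is this example's assumption, as are all file paths and the SID in the sample events.

```python
import re

# Autorun locations checked by this example. The report does not name the
# exact key; Policies\Explorer\Run plus Run/RunOnce is an assumption here.
AUTORUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Policies\\Explorer\\Run|Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.IGNORECASE)

# Constructed telemetry for this example (not from the sandbox run):
#   1|Image|ParentImage   7|Image|ImageLoaded
#   11|Image|TargetFilename   13|Image|TargetObject|Details
SAMPLE_EVENTS = r"""
11|C:\Users\victim\AppData\Local\Temp\sample.exe|C:\Users\victim\AppData\Roaming\updater.exe
11|C:\Users\victim\AppData\Local\Temp\sample.exe|C:\Windows\System32\helper.dll
13|C:\Users\victim\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updater|C:\Users\victim\AppData\Roaming\updater.exe
1|C:\Users\victim\AppData\Roaming\updater.exe|C:\Users\victim\AppData\Local\Temp\sample.exe
7|C:\Users\victim\AppData\Roaming\updater.exe|C:\Windows\System32\helper.dll
1|C:\Windows\System32\notepad.exe|C:\Windows\explorer.exe
13|C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName|Foo
""".strip().splitlines()


def parse_event(line):
    """Turn one 'id|field|...' record into a dict, or None if unknown."""
    fields = line.rstrip("\n").split("|")
    if not fields[0].isdigit():
        return None
    event_id = int(fields[0])
    if event_id == 1 and len(fields) >= 3:
        return {"id": 1, "image": fields[1], "parent": fields[2]}
    if event_id == 7 and len(fields) >= 3:
        return {"id": 7, "image": fields[1], "loaded": fields[2]}
    if event_id == 11 and len(fields) >= 3:
        return {"id": 11, "image": fields[1], "target": fields[2]}
    if event_id == 13 and len(fields) >= 4:
        return {"id": 13, "image": fields[1], "key": fields[2], "details": fields[3]}
    return None


def detect(lines):
    """Return (signature, evidence) tuples in event order.

    Dropped-file paths from event 11 are remembered so that later process
    creations and image loads can be correlated back to them; that is what
    distinguishes 'executes dropped EXE' from any process creation.
    """
    findings = []
    dropped = set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["id"] == 11:
            dropped.add(ev["target"].lower())
            if SYSTEM32_RE.match(ev["target"]):
                findings.append(("Drops file in System32 directory", ev["target"]))
        elif ev["id"] == 13 and AUTORUN_RE.search(ev["key"]):
            findings.append(("Adds autorun key to be loaded by Explorer.exe on startup",
                             f"{ev['key']} = {ev['details']}"))
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            findings.append(("Executes dropped EXE", ev["image"]))
        elif ev["id"] == 7 and ev["loaded"].lower() in dropped:
            findings.append(("Loads dropped DLL", ev["loaded"]))
    return findings


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

Path comparison is case-insensitive because NTFS is; the unrelated notepad.exe launch and the Uninstall key write in the sample are there to show that only correlated or autorun-location activity is flagged.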

MITRE ATT&CK Enterprise v15

Tasks