Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d35b1dd8e89953811b78f2c1cc2e0d10_JaffaCakes118

  • Size

    269KB

  • Sample

    240908-c9sa9a1blk

  • MD5

    d35b1dd8e89953811b78f2c1cc2e0d10

  • SHA1

    246865d3c93d0b1fa6956838fdc433d801948ce0

  • SHA256

    2d8d8b6bb080d479196c876f53da7e4d1f547cf37da03a43c225d3a45ed88174

  • SHA512

    628037f8ab5e4e73f88b5c4794b47acd3a494881daf37a358be9d0cc34e8cb79c1880e1ea5f71a77ede4fb93884a33d342cd79c8dd63db946dbf28f6e5cf95d9

  • SSDEEP

    6144:VVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:VVfjDmtW/adCC4/UIsBhN/5

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      d35b1dd8e89953811b78f2c1cc2e0d10_JaffaCakes118

    • Size

      269KB

    • MD5

      d35b1dd8e89953811b78f2c1cc2e0d10

    • SHA1

      246865d3c93d0b1fa6956838fdc433d801948ce0

    • SHA256

      2d8d8b6bb080d479196c876f53da7e4d1f547cf37da03a43c225d3a45ed88174

    • SHA512

      628037f8ab5e4e73f88b5c4794b47acd3a494881daf37a358be9d0cc34e8cb79c1880e1ea5f71a77ede4fb93884a33d342cd79c8dd63db946dbf28f6e5cf95d9

    • SSDEEP

      6144:VVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:VVfjDmtW/adCC4/UIsBhN/5

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks