Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e3e854c21e9947d39c88bc0cefc4dc20N

  • Size

    163KB

  • Sample

    240909-def56syanq

  • MD5

    e3e854c21e9947d39c88bc0cefc4dc20

  • SHA1

    4761f867d485ab1cfd5a4762a86bada84c95c4a7

  • SHA256

    9042e9c70221e553f74827915874d9bd28b2c40cc520507f40038673f5653f0a

  • SHA512

    00f4bbad593c6abf5192e479c979c4827492eab02a68c09d7a46a210272542a58d58e878a40c6ee33678d76e672fa38b1d4255a2d65a6cdd0feb24af008f31c9

  • SSDEEP

    1536:PERyEB/6UaMBdYlOzzinpsGFii9G0WlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:vEZMYSpFFiHNltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      e3e854c21e9947d39c88bc0cefc4dc20N

    • Size

      163KB

    • MD5

      e3e854c21e9947d39c88bc0cefc4dc20

    • SHA1

      4761f867d485ab1cfd5a4762a86bada84c95c4a7

    • SHA256

      9042e9c70221e553f74827915874d9bd28b2c40cc520507f40038673f5653f0a

    • SHA512

      00f4bbad593c6abf5192e479c979c4827492eab02a68c09d7a46a210272542a58d58e878a40c6ee33678d76e672fa38b1d4255a2d65a6cdd0feb24af008f31c9

    • SSDEEP

      1536:PERyEB/6UaMBdYlOzzinpsGFii9G0WlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:vEZMYSpFFiHNltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks