General

  • Target

    f7ebd27e0815f37a1b808e1136b41e50N.exe

  • Size

    163KB

  • Sample

    240909-e31edsthqf

  • MD5

    f7ebd27e0815f37a1b808e1136b41e50

  • SHA1

    d3dc1fd2c1b208483fa0acd25cbb61bf1d9e6161

  • SHA256

    835eab87d5e60954a6c4000ca4fc443b3045b73ac7e2ecdafc5f565937132205

  • SHA512

    51a1d7d13d201298649aeac3aedfa3fec36e5fe9f11b7b651f4e47776455e2e17bd4e050373424dd1472b45808d6b83c6aa568752cad5fbcfa1c8370776a2617

  • SSDEEP

    1536:PdY5nEea01cmUdrfqMSLVklProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:VY5nJVKrABkltOrWKDBr+yJb
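Before working from this report, confirm that the file you have is the one it describes. The following is an added example, not part of the tria.ge report: it recomputes the four cryptographic digests listed above over a local copy and compares them. The digest strings are copied from the report; the file path is whatever you saved the sample as. SSDEEP is left out because it needs a third-party module, and the rounded "163KB" size is not a reliable check.

```python
"""Check a local copy of the sample against the digests the report lists.

Added example, not part of the tria.ge report. The digest strings are copied
from the report; the file name/path is an assumption (use your own copy).
"""
import hashlib
from pathlib import Path

# Digests for f7ebd27e0815f37a1b808e1136b41e50N.exe exactly as listed in the report.
REPORT_DIGESTS = {
    "md5": "f7ebd27e0815f37a1b808e1136b41e50",
    "sha1": "d3dc1fd2c1b208483fa0acd25cbb61bf1d9e6161",
    "sha256": "835eab87d5e60954a6c4000ca4fc443b3045b73ac7e2ecdafc5f565937132205",
    "sha512": (
        "51a1d7d13d201298649aeac3aedfa3fec36e5fe9f11b7b651f4e47776455e2e1"
        "7bd4e050373424dd1472b45808d6b83c6aa568752cad5fbcfa1c8370776a2617"
    ),
}


def digest_bytes(data, names=("md5", "sha1", "sha256", "sha512")):
    """Compute the named hashlib digests of `data` as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in names}


def compare_digests(data, expected=REPORT_DIGESTS):
    """Map each expected digest name to True/False; hex case in `expected` is ignored."""
    actual = digest_bytes(data, tuple(expected))
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def verify_file(path, expected=REPORT_DIGESTS):
    """True only when every listed digest matches the file at `path`."""
    return all(compare_digests(Path(path).read_bytes(), expected).values())


if __name__ == "__main__":
    import sys

    # Assumed default name: tria.ge names the target after its MD5 plus "N".
    path = sys.argv[1] if len(sys.argv) > 1 else "f7ebd27e0815f37a1b808e1136b41e50N.exe"
    for name, ok in compare_digests(Path(path).read_bytes()).items():
        print(f"{name:7} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if verify_file(path) else 1)
```

Run it with the path to your copy; a non-zero exit means at least one digest disagrees, which usually means a different build of the same family or a corrupted download rather than the sample this report analysed.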

Malware Config

Extracted

Family

gozi

Targets

    • Target

      f7ebd27e0815f37a1b808e1136b41e50N.exe

    • Size

      163KB

    • MD5

      f7ebd27e0815f37a1b808e1136b41e50

    • SHA1

      d3dc1fd2c1b208483fa0acd25cbb61bf1d9e6161

    • SHA256

      835eab87d5e60954a6c4000ca4fc443b3045b73ac7e2ecdafc5f565937132205

    • SHA512

      51a1d7d13d201298649aeac3aedfa3fec36e5fe9f11b7b651f4e47776455e2e17bd4e050373424dd1472b45808d6b83c6aa568752cad5fbcfa1c8370776a2617

    • SSDEEP

      1536:PdY5nEea01cmUdrfqMSLVklProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:VY5nJVKrABkltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
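The "autorun key to be loaded by Explorer.exe on startup" signature is the persistence behaviour most worth checking on a suspected host. The report does not say which value this sample writes, so the following is an added example, not part of the tria.ge report: it parses a `reg export` text dump and flags values in the autostart locations Winlogon and Explorer consult at logon (an assumed list of the usual keys, with the stock Shell/Userinit values), giving extra weight to anything that points into a user-writable directory. The embedded dump is constructed for illustration.

```python
"""Triage check for Explorer/Winlogon autorun persistence in a `reg export` dump.

Added example, not part of the tria.ge report. The watched-key list is an
assumption (the report does not name the exact key this sample writes), and
SAMPLE_REG below is constructed data, not output from the analysed host.
"""
import re

# Autostart locations read at logon. Stock values are given where one exists
# (Winlogon); None means every entry under the key is worth a look.
WATCHED = {
    r"software\microsoft\windows nt\currentversion\winlogon": {
        "shell": "explorer.exe",
        "userinit": r"c:\windows\system32\userinit.exe,",
    },
    r"software\microsoft\windows\currentversion\run": None,
    r"software\microsoft\windows\currentversion\runonce": None,
    r"software\microsoft\windows\currentversion\policies\explorer\run": None,
}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<val>.*)$')


def _unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> \" ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a `reg export` dump into {key: {value_name: data}}; REG_SZ is decoded, other types kept raw."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m["key"], {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "(Default)" if m["default"] else _unescape(m["name"])
            val = m["val"]
            if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
                val = _unescape(val[1:-1])
            current[name] = val
    return keys


def _strip_hive(key):
    """Drop HKLM\\, HKCU\\ or HKU\\<SID>\\ so one subkey pattern matches under any hive."""
    parts = key.split("\\")
    parts = parts[2:] if parts[0].upper() == "HKEY_USERS" and len(parts) > 1 else parts[1:]
    return "\\".join(parts).lower()


def find_autorun_entries(reg):
    """Return findings for watched-key values that differ from stock or point into user-writable paths."""
    findings = []
    for key, values in reg.items():
        sub = _strip_hive(key)
        if sub not in WATCHED:
            continue
        stock = WATCHED[sub]
        for name, data in values.items():
            reasons = []
            if stock is None:
                reasons.append("autorun entry")
            elif name.lower() in stock and data.lower() != stock[name.lower()]:
                reasons.append(f"non-stock {name}")
            if any(p in data.lower() for p in USER_WRITABLE):
                reasons.append("user-writable path")
            if reasons:
                findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings


# Constructed `reg export` output for illustration; not taken from the report.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"rsrnvr"="C:\\Users\\user\\AppData\\Roaming\\Microsoft\\rsrnvr.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"LegalNoticeCaption"=""
'''

if __name__ == "__main__":
    for f in find_autorun_entries(parse_reg(SAMPLE_REG)):
        print(f"{f['key']}\n  {f['name']} = {f['data']}\n  -> {', '.join(f['reasons'])}")
```

Feed it the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run out.reg` (and the HKLM Winlogon key) from the suspect host. Legitimate per-user software such as OneDrive also lives under AppData, so the user-writable flag is a prioritisation hint, not a verdict; cross-check the flagged path against the digests in this report.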

MITRE ATT&CK Enterprise v15

Tasks