General

  • Target

    d06e2dac6de3ec1b5ae871128ca76f30N

  • Size

    163KB

  • Sample

    240909-ffk7mavelg

  • MD5

    d06e2dac6de3ec1b5ae871128ca76f30

  • SHA1

    f9a85e5b4d86eb8304e572c79dc838e04ec18fd3

  • SHA256

    9881a1da05c579ae955d6c637d0d2171ba17235fb988fbc8f967c09620f525ff

  • SHA512

    3546036bd4c75be65d13a88d1d19edb069020a86d9eeefa79c828cc1958c85c6754e858842d27caee03023aed745a620a1648ea5e1f639542d6f1a90d89a2a5a

  • SSDEEP

    1536:PZGzjf61jF+na30h+961bbjB4JZdWAlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:wzr65vy1PlqPltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d06e2dac6de3ec1b5ae871128ca76f30N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks