
General

  • Target

    d6104fbaaf8a5c9bb1ee5bcb6021ca0a_JaffaCakes118

  • Size

    433KB

  • Sample

    240909-lqltssthnc

  • MD5

    d6104fbaaf8a5c9bb1ee5bcb6021ca0a

  • SHA1

    5fd203676511c282b25d1b67e598737eac0d1945

  • SHA256

    43da798c8942ec1aa2dc22c8de77ad52791c3b6b721cb02875275eb3039361f0

  • SHA512

    1ba783277bbe69e09fea6af8bb76dcc0883e77e6113edeeabc9b43318927be1bf4e5066543059cf15226fbec19b5c911ec50a8fad3b738928b159ae134e4984f

  • SSDEEP

    12288:RxpU/mkDDtWRErl8AxGI8RVcZe9K+SsGQ/KT8G:Lp56m26MSVcZj

Malware Config

Extracted

Family

gozi

Attributes

  • build

    214082

Extracted

Family

gozi

Botnet

3358

C2

woa79ewinfield.club

n4curtispablo.info

w3438e49rodolfo.info

Attributes

  • build

    214082

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain
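The extracted config above gives a defender two kinds of indicator: the three hard-coded C2 domains, and the dga_base_url the loader pulls to seed its word-list DGA. The following is an added example (not tria.ge code and not part of this report) that scans proxy log lines for both. The log format, sample lines and source IPs are constructed for the example; the indicators themselves come from the config on this page. Note the caveat built into the triage step: constitution.org is a legitimate site, so a fetch of usdeclar.txt on its own is only a lead, while contact with a listed C2 domain is high confidence.

```python
"""Scan proxy log lines for the Gozi indicators extracted on this page.

Added example, not tria.ge's own code. Assumed (constructed) log line format:
    <timestamp> <src_ip> <method> <url> <status> <user-agent...>
"""
from urllib.parse import urlparse

# Hard-coded C2 domains from the extracted config.
C2_DOMAINS = {
    "woa79ewinfield.club",
    "n4curtispablo.info",
    "w3438e49rodolfo.info",
}

# dga_base_url: the text the loader fetches to seed its DGA (host + path, no scheme).
DGA_BASE_URL = "constitution.org/usdeclar.txt"

# Constructed sample log lines for this example (not from the sandbox run).
SAMPLE_LOG = """\
2024-09-09T11:02:13Z 10.0.0.5 GET http://constitution.org/usdeclar.txt 200 Mozilla/4.0
2024-09-09T11:02:15Z 10.0.0.5 POST http://woa79ewinfield.club/images/x.gif 200 Mozilla/4.0
2024-09-09T11:03:00Z 10.0.0.7 GET https://www.example.com/ 200 Mozilla/5.0
2024-09-09T11:04:41Z 10.0.0.9 GET http://constitution.org/usdeclar.txt 200 Mozilla/5.0 (Windows NT 10.0) Chrome/128
2024-09-09T11:05:02Z 10.0.0.5 GET http://n4curtispablo.info/ 404 Mozilla/4.0
"""


def parse_line(line):
    """Split one log line into fields; the user-agent may contain spaces."""
    parts = line.split(maxsplit=5)
    if len(parts) < 5:
        return None
    ts, src, method, url, status = parts[:5]
    ua = parts[5] if len(parts) > 5 else ""
    return {"ts": ts, "src": src, "method": method, "url": url, "status": status, "ua": ua}


def host_of(url):
    return (urlparse(url).hostname or "").lower().rstrip(".")


def matches_c2(host):
    """Exact match or subdomain of a listed C2 domain (never a mere substring)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def is_dga_seed_fetch(url):
    """True when host+path equals the dga_base_url, regardless of scheme."""
    p = urlparse(url)
    return f"{(p.hostname or '').lower()}{p.path}" == DGA_BASE_URL


def scan(log_text):
    """Return {src_ip: [(reason, url), ...]} for every line that hits an indicator."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if matches_c2(host_of(rec["url"])):
            findings.setdefault(rec["src"], []).append(("gozi_c2", rec["url"]))
        elif is_dga_seed_fetch(rec["url"]):
            findings.setdefault(rec["src"], []).append(("dga_seed_text_fetch", rec["url"]))
    return findings


def triage(findings):
    """C2 contact is high confidence; the seed-text fetch alone is only a lead,
    because constitution.org is a legitimate site that browsers also visit."""
    return {
        src: ("high" if any(r == "gozi_c2" for r, _ in hits) else "low")
        for src, hits in findings.items()
    }


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for src, level in triage(hits).items():
        print(src, level, [r for r, _ in hits[src]])
```

Run as-is it flags 10.0.0.5 as high (seed fetch followed by two C2 contacts) and 10.0.0.9 as low (seed fetch only); 10.0.0.7 is not reported. Feeding real proxy logs only requires adapting parse_line to the local format.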

Targets

    • Target

      d6104fbaaf8a5c9bb1ee5bcb6021ca0a_JaffaCakes118

    • Size

      433KB

    • MD5

      d6104fbaaf8a5c9bb1ee5bcb6021ca0a

    • SHA1

      5fd203676511c282b25d1b67e598737eac0d1945

    • SHA256

      43da798c8942ec1aa2dc22c8de77ad52791c3b6b721cb02875275eb3039361f0

    • SHA512

      1ba783277bbe69e09fea6af8bb76dcc0883e77e6113edeeabc9b43318927be1bf4e5066543059cf15226fbec19b5c911ec50a8fad3b738928b159ae134e4984f

    • SSDEEP

      12288:RxpU/mkDDtWRErl8AxGI8RVcZe9K+SsGQ/KT8G:Lp56m26MSVcZj

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks