gozi | 10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d687cfde1c...18.exe

windows7-x64

8

d687cfde1c...18.exe

windows10-2004-x64

7

Sharing

General

Target

d687cfde1c4ea77de1b92ea2f9e90ad5_JaffaCakes118
Size

492KB
Sample

240909-r4hbestcqp
MD5

d687cfde1c4ea77de1b92ea2f9e90ad5
SHA1

5573481f54a2d7b9d31bae949e3226a20e925cf2
SHA256

10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6
SHA512

2d7b534049cd6d4176455caa24a51acbc523ab22c8f0131152e35bd368f7eb833c5fd9e2a59798a9cd9937c4dcad09057f6e565bf849bc94b9c5a0998ed27cb0
SSDEEP

6144:wmoZkbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9Upx:wmoZkmmCVRtPvq2+d/

Score

10^/10

gozi discovery isfb persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d687cfde1c4ea77de1b92ea2f9e90ad5_JaffaCakes118.exe

Resource

win7-20240704-en

discovery persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d687cfde1c4ea77de1b92ea2f9e90ad5_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  d687cfde1c4ea77de1b92ea2f9e90ad5_JaffaCakes118
- Size
  
  492KB
- MD5
  
  d687cfde1c4ea77de1b92ea2f9e90ad5
- SHA1
  
  5573481f54a2d7b9d31bae949e3226a20e925cf2
- SHA256
  
  10307e2682b3b8e96016c25b040baceda6c0abe5924f5f0fe6a419a463c008d6
- SHA512
  
  2d7b534049cd6d4176455caa24a51acbc523ab22c8f0131152e35bd368f7eb833c5fd9e2a59798a9cd9937c4dcad09057f6e565bf849bc94b9c5a0998ed27cb0
- SSDEEP
  
  6144:wmoZkbtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9Upx:wmoZkmmCVRtPvq2+d/
Score

8^/10

discovery persistence
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

© 2018-2025

Terms | Privacy