Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fc30a88f6f...0N.exe

windows7-x64

10

fc30a88f6f...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc30a88f6fd77b485fe5d86e2c99f130N

  • Size

    163KB

  • Sample

    240909-ypsbeaxbpn

  • MD5

    fc30a88f6fd77b485fe5d86e2c99f130

  • SHA1

    2ba78bdc680505b5ba807c96325699f35cd451fe

  • SHA256

    0b773e6bae6e08748719da4859713507b55b53894adb81f7066c82ea8f090aa3

  • SHA512

    ee2b2e5ac8dd7f2bfc77bdcb74c3698bd7dc0628ba64de5e9c8da25640a3f17446e4e3a57a859c7d8761f1506ff7f832e08eac44814618d4f4efa33cd12d03b0

  • SSDEEP

    1536:PU8nljADVUy0BBc7ba45fKXklProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:sgjtBBa7W4BKXkltOrWKDBr+yJb

Score
10/10
gozibankerdiscoveryisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      fc30a88f6fd77b485fe5d86e2c99f130N

    • Size

      163KB

    • MD5

      fc30a88f6fd77b485fe5d86e2c99f130

    • SHA1

      2ba78bdc680505b5ba807c96325699f35cd451fe

    • SHA256

      0b773e6bae6e08748719da4859713507b55b53894adb81f7066c82ea8f090aa3

    • SHA512

      ee2b2e5ac8dd7f2bfc77bdcb74c3698bd7dc0628ba64de5e9c8da25640a3f17446e4e3a57a859c7d8761f1506ff7f832e08eac44814618d4f4efa33cd12d03b0

    • SSDEEP

      1536:PU8nljADVUy0BBc7ba45fKXklProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:sgjtBBa7W4BKXkltOrWKDBr+yJb

    Score
    10/10
    discoverypersistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks