Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

c29bc93653...63.exe

windows7-x64

10

c29bc93653...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c29bc936533df6eb7f488b0851932a8fa560201b736aca5aa29e50611afe7163

  • Size

    4.9MB

  • Sample

    240910-1ad7caxdle

  • MD5

    a106b652eb850f23e39eb85d0e9ef164

  • SHA1

    6e923945cbb917dcec22d40314669336269fa4c6

  • SHA256

    c29bc936533df6eb7f488b0851932a8fa560201b736aca5aa29e50611afe7163

  • SHA512

    fad9a918aaa3924c52fb74f8f71153e7bafa3fde200f3c16f0fb66edb745fff51d3c34105242793ba16f3c12ff4cb74b71fc10d76410674d89826222773bf504

  • SSDEEP

    98304:Db7A9aMnac9OyZ8DpCQdGWR+O/4vAXjU2lSBjlYh2grFZyNgnRC2b/BzM0DjGrCH:TRyEbgpR9ySBjGBkiR/P6O8neO3o

Score
10/10
gozibankerdiscoveryisfbtrojanupx

Malware Config

Extracted

Family

gozi

Targets

    • Target

      c29bc936533df6eb7f488b0851932a8fa560201b736aca5aa29e50611afe7163

    • Size

      4.9MB

    • MD5

      a106b652eb850f23e39eb85d0e9ef164

    • SHA1

      6e923945cbb917dcec22d40314669336269fa4c6

    • SHA256

      c29bc936533df6eb7f488b0851932a8fa560201b736aca5aa29e50611afe7163

    • SHA512

      fad9a918aaa3924c52fb74f8f71153e7bafa3fde200f3c16f0fb66edb745fff51d3c34105242793ba16f3c12ff4cb74b71fc10d76410674d89826222773bf504

    • SSDEEP

      98304:Db7A9aMnac9OyZ8DpCQdGWR+O/4vAXjU2lSBjlYh2grFZyNgnRC2b/BzM0DjGrCH:TRyEbgpR9ySBjGBkiR/P6O8neO3o

    Score
    10/10
    gozibankerdiscoveryisfbtrojanupx

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks