General

  • Target: a418c6f5f97f8d1f96808ad21b1ae53ef35ef75f5cd70207c146b1ba82c54449
  • Size: 163KB
  • Sample: 240910-a6pd3syekl
  • MD5: b27444a7afa3670a9e3c9052c8e231e1
  • SHA1: 78061baf7a7232630fdaa2e27731f40eb8863345
  • SHA256: a418c6f5f97f8d1f96808ad21b1ae53ef35ef75f5cd70207c146b1ba82c54449
  • SHA512: 7047ab97a990b7a2b99af5ed43e5c1d553e820fe115b821c9109ad7095d5399ce1327b805b25db98a633177667665f6cac7bbb6f86ff5a4b0496ed7d27852ea4
  • SSDEEP: 1536:P+dmL4aNRVm5IdVMI1cbj8UYZ9GDMEB40OllProNVU4qNVUrk/9QbfBr+7GwKrPb:2mPndKHbjQ9GdW0+ltOrWKDBr+yJb

Malware Config

Extracted

  • Family: gozi

Targets

    • Target: a418c6f5f97f8d1f96808ad21b1ae53ef35ef75f5cd70207c146b1ba82c54449 (163KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup (persistence; the report does not name the specific registry key)

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan that steals credentials and session data from infected hosts.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
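The four behavioural signatures above describe a chain a host-based detection can correlate: a file is written, that file is then executed or loaded, a copy lands in System32, and an autorun value points at the dropped path. The following is an added example, not part of the tria.ge report and not Gozi's own code: it runs a small correlation over constructed Sysmon-style events (IDs 1, 7, 11, 13 are the real Sysmon event IDs; every path, process name and registry value below is made up for the example) and emits one finding per signature. The list of autorun key suffixes is an assumption about common logon/Explorer-processed locations, since the report does not name the key this sample writes.

```python
"""Correlate constructed Sysmon-style events into the four behaviours the
sandbox report lists. All events, paths and names are constructed sample data,
not from the actual analysis run."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed typical autorun locations processed at logon / by Explorer.exe.
# The report does not say which key the sample used; these are illustrative.
AUTORUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
    r"\microsoft\windows\currentversion\explorer\run",
    r"\microsoft\windows nt\currentversion\winlogon\shell",
    r"\microsoft\windows nt\currentversion\winlogon\userinit",
)
SYSTEM32 = r"c:\windows\system32"
PATH_IN_VALUE = re.compile(r'^"?([a-z]:\\[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)


@dataclass
class Event:
    ts: int
    event_id: int  # Sysmon: 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryValueSet
    image: str     # process performing the action (parent process for ID 1)
    target: str    # file created / image loaded / new process image / registry value data
    key: str = ""  # registry key path, only meaningful for ID 13


def norm(p: str) -> str:
    return p.strip('"').lower()


def correlate(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (signature, actor_image, artifact) tuples in timestamp order."""
    dropped: Dict[str, str] = {}  # normalized path -> image that wrote it
    findings: List[Tuple[str, str, str]] = []
    for e in sorted(events, key=lambda x: x.ts):
        tgt = norm(e.target)
        if e.event_id == 11:
            dropped[tgt] = e.image
            # Heuristic: a write into System32 by a process that itself does not
            # live there. Misses abuse of System32-resident LOLBins by design.
            if tgt.startswith(SYSTEM32 + "\\") and not norm(e.image).startswith(SYSTEM32):
                findings.append(("drops_file_in_system32", e.image, tgt))
        elif e.event_id == 1 and tgt in dropped:
            findings.append(("executes_dropped_exe", e.image, tgt))
        elif e.event_id == 7 and tgt in dropped:
            findings.append(("loads_dropped_dll", e.image, tgt))
        elif e.event_id == 13 and e.key.lower().endswith(AUTORUN_KEY_SUFFIXES):
            m = PATH_IN_VALUE.match(e.target.strip())
            path = norm(m.group(1)) if m else tgt
            # Only flag when the autorun target is something we saw being dropped,
            # which keeps legitimate installer Run entries out of the result.
            if path in dropped:
                findings.append(("adds_autorun_key", e.image, e.key))
    return findings


# Constructed event stream modelled on the report's signature list.
SAMPLE = r"C:\Users\admin\AppData\Local\Temp\sample.exe"
LOADER = r"C:\Users\admin\AppData\Roaming\Ahgvbq\loader.exe"
SYSDLL = r"C:\Windows\System32\qwert.dll"
RUNKEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

SAMPLE_EVENTS: List[Event] = [
    Event(1, 11, SAMPLE, LOADER),
    Event(2, 11, SAMPLE, SYSDLL),
    Event(3, 1, SAMPLE, LOADER),
    Event(4, 7, LOADER, SYSDLL),
    Event(5, 13, LOADER, f'"{LOADER}"', key=RUNKEY),
    # Benign noise: a System32-resident binary writing into System32 is ignored.
    Event(6, 11, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\config\systemprofile\x.log"),
]


def signatures_hit(events: List[Event] = SAMPLE_EVENTS) -> List[str]:
    return [f[0] for f in correlate(events)]


if __name__ == "__main__":
    for sig, actor, artifact in correlate(SAMPLE_EVENTS):
        print(f"{sig:26} actor={actor} artifact={artifact}")
```

On the constructed stream the four findings come out in the order the events occur; on real Sysmon data the same logic wants the registry value data parsed more defensively (rundll32 and cmd wrappers put the dropped path in the arguments rather than at the front of the value).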

MITRE ATT&CK Enterprise v15

Tasks