Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d7bf1746232e20ee8c4542045962f3ca_JaffaCakes118

  • Size

    455KB

  • Sample

    240910-hm5kysselb

  • MD5

    d7bf1746232e20ee8c4542045962f3ca

  • SHA1

    0d5d956638a9a76f361c5fed3ac2cd27648324dc

  • SHA256

    1a4828762a639d30ac674861dddeb8bae3aa2e87a4a6fe6b602a58112f5f0a95

  • SHA512

    c95206819ed9f62ef39207c3959fc79ad1ae5ae93a71b71537705c3ca7ebe94f03d622b4318d0383c9489e2d0f876c5aef7b0264df8aa0147b8359cf9ba550a2

  • SSDEEP

    6144:pk69oa2DnZot8e/toa/YhFdXtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NiH9dXRgw

Malware Config

Extracted

Family

gozi

Attributes
  • build

    214062

Extracted

Family

gozi

Botnet

3183

C2

v99jarret3287x.com

huymireyai.company

so64a92elody.email

Attributes
  • build

    214062

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      d7bf1746232e20ee8c4542045962f3ca_JaffaCakes118

    • Size

      455KB

    • MD5

      d7bf1746232e20ee8c4542045962f3ca

    • SHA1

      0d5d956638a9a76f361c5fed3ac2cd27648324dc

    • SHA256

      1a4828762a639d30ac674861dddeb8bae3aa2e87a4a6fe6b602a58112f5f0a95

    • SHA512

      c95206819ed9f62ef39207c3959fc79ad1ae5ae93a71b71537705c3ca7ebe94f03d622b4318d0383c9489e2d0f876c5aef7b0264df8aa0147b8359cf9ba550a2

    • SSDEEP

      6144:pk69oa2DnZot8e/toa/YhFdXtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NiH9dXRgw

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks