General

  • Target

    d80c29813bfbc3cbcbd469249d49ebf3_JaffaCakes118

  • Size

    458KB

  • Sample

    240910-l6wzpsyblq

  • MD5

    d80c29813bfbc3cbcbd469249d49ebf3

  • SHA1

    b714a2ce92e01f9e63825ba1562988b0eb8b3a90

  • SHA256

    89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a

  • SHA512

    451c74e6d18999de7f859e054a845db56de38e42b3efcce81a6ddc606ab41b2b63ecd5a75b7113f4778d7ffdb23537100b7c41ceb61e1f5c48af5b1725fd041c

  • SSDEEP

    6144:ybtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:ymmCVRtPvq2+d/

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d80c29813bfbc3cbcbd469249d49ebf3_JaffaCakes118

    • Size

      458KB

    • MD5

      d80c29813bfbc3cbcbd469249d49ebf3

    • SHA1

      b714a2ce92e01f9e63825ba1562988b0eb8b3a90

    • SHA256

      89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a

    • SHA512

      451c74e6d18999de7f859e054a845db56de38e42b3efcce81a6ddc606ab41b2b63ecd5a75b7113f4778d7ffdb23537100b7c41ceb61e1f5c48af5b1725fd041c

    • SSDEEP

      6144:ybtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:ymmCVRtPvq2+d/

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks