General

  • Target

    dc6b1793df34f80670bef07032254ef7eff26912c8ad43ef4521d3f200b70319

  • Size

    163KB

  • Sample

    240910-n7gyaatamq

  • MD5

    ba123dc52b41fb93fe799492acc5c5dd

  • SHA1

    3aa8dad8636f853a9422470fdc5c638aaffa981b

  • SHA256

    dc6b1793df34f80670bef07032254ef7eff26912c8ad43ef4521d3f200b70319

  • SHA512

    75697e01fc0489f3f5b893132e43032b5d57c0fa5e15d546372efc35735f2f131deed4f295650fcc8088c86015c2dab3911c5c21df5002a4dbbe4ba5957a7b54

  • SSDEEP

    1536:PraX/gtMEUBM3cM7zQFxSj/RQRyw0Js0S73EeN2olProNVU4qNVUrk/9QbfBr+7g:DaEaCTUu/RnSjExoltOrWKDBr+yJb

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      dc6b1793df34f80670bef07032254ef7eff26912c8ad43ef4521d3f200b70319

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
