General

  • Target

    e41af719b576dc456e146f4b0c5136ef_JaffaCakes118

  • Size

    142KB

  • Sample

    240916-gabxfa1cnh

  • MD5

    e41af719b576dc456e146f4b0c5136ef

  • SHA1

    684039a9a14926d3f7f3991a174b1c3ca2b3e142

  • SHA256

    bbcf20b977e259b0d42c3f5da4f6f31263fd767fa772fa5c29f466c40efae883

  • SHA512

    6d2cb88cb049fc01e32ca384fc7879206df6312bacac543bf419a6a68c191d9623a20e97b9d8469c3304a1474aeece9976319b368e857b0b13832d2c398b648d

  • SSDEEP

    1536:FIQnHIr/BJLGM/LOzDkklLfIohQkZWmiogi9bjZCZfqwRa6mCYn5ifL7:FVinLFTOBLfIohQ0WmiotbjIhoIYn5i

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    7676

  • C2

    updates.microsoft.com

    zalupilosi.xyz

    joomlaparamaoun.xyz

Attributes

  • base_path

    /manifest/

  • build

    250177

  • dga_season

    10

  • exe_type

    loader

  • extension

    .dih

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      e41af719b576dc456e146f4b0c5136ef_JaffaCakes118

    • Size

      142KB

    • MD5

      e41af719b576dc456e146f4b0c5136ef

    • SHA1

      684039a9a14926d3f7f3991a174b1c3ca2b3e142

    • SHA256

      bbcf20b977e259b0d42c3f5da4f6f31263fd767fa772fa5c29f466c40efae883

    • SHA512

      6d2cb88cb049fc01e32ca384fc7879206df6312bacac543bf419a6a68c191d9623a20e97b9d8469c3304a1474aeece9976319b368e857b0b13832d2c398b648d

    • SSDEEP

      1536:FIQnHIr/BJLGM/LOzDkklLfIohQkZWmiogi9bjZCZfqwRa6mCYn5ifL7:FVinLFTOBLfIohQ0WmiotbjIhoIYn5i

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Enterprise v15

Tasks