General

  • Target

    Ransom.Win32.Tescrypt.pz-f4639330a7f3a905bc5faa07eee325f5d9dee6ef4e96e05eeff8e91682d3b43bN

  • Size

    80KB

  • Sample

    240916-kp8rhayemk

  • MD5

    e4810c25939a78d1479e52720a25b830

  • SHA1

    83fcc85e65f96989b6602f59273697e4bcfe7114

  • SHA256

    f4639330a7f3a905bc5faa07eee325f5d9dee6ef4e96e05eeff8e91682d3b43b

  • SHA512

    cc637e01a5a53baeb4909057347349687a0ff999f88c71a20b5263190ee341623ef78c22123aa3d988e06ae39a8c3ab73273b40bd81b4efbb2c35763437aa002

  • SSDEEP

    1536:EYPSyyHrcrpFPgzy7yCqF47UV1Hi8yBiweQKIIXIAZB0CmuJd4BXL:EMSyyLuFoLCqCm1C8yBijpBbd45

Malware Config

Extracted

Family

gozi

Targets

    • Target

      Ransom.Win32.Tescrypt.pz-f4639330a7f3a905bc5faa07eee325f5d9dee6ef4e96e05eeff8e91682d3b43bN

    • Size

      80KB

    • MD5

      e4810c25939a78d1479e52720a25b830

    • SHA1

      83fcc85e65f96989b6602f59273697e4bcfe7114

    • SHA256

      f4639330a7f3a905bc5faa07eee325f5d9dee6ef4e96e05eeff8e91682d3b43b

    • SHA512

      cc637e01a5a53baeb4909057347349687a0ff999f88c71a20b5263190ee341623ef78c22123aa3d988e06ae39a8c3ab73273b40bd81b4efbb2c35763437aa002

    • SSDEEP

      1536:EYPSyyHrcrpFPgzy7yCqF47UV1Hi8yBiweQKIIXIAZB0CmuJd4BXL:EMSyyLuFoLCqCm1C8yBijpBbd45

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks