General

  • Target

    e51a4cc0272a98e9eddfec16667603f4_JaffaCakes118

  • Size

    336KB

  • Sample

    240916-tdbr3awdpf

  • MD5

    e51a4cc0272a98e9eddfec16667603f4

  • SHA1

    029d9f3419edcc3b0722842e36e73a8d7095f3ae

  • SHA256

    a8137d09f5225c1777a5001f5178e64c6cbdc9db68ee0130375b5454a06c7331

  • SHA512

    b90af291d82215802d2e115b8cb9e1347688b3388612ebbaf59e5329654a96053d23705397be5af6b5855a77e679438f9e19127695051ed7175aae2892273e31

  • SSDEEP

    3072:4iEQk27uMKsqwrg+bwaaszx3xSLRHUdp74k6QOfQQ6FpuB3zOa9vMpuv/Xey:HEy6wzbllcUT4k1Of7Yp4jOa9Up4

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks