General

  • Target

    8541c3e5a2fea353fab1657575993319_JaffaCakes118

  • Size

    534KB

  • Sample

    241102-nst93atamg

  • MD5

    8541c3e5a2fea353fab1657575993319

  • SHA1

    95383648af291e339dfa628a3950686e822e93d5

  • SHA256

    4897564a8c3fd201eb272b044f8c17a2518e6cc10fa6d1bbff806b4f012805ec

  • SHA512

    0ce82bf2397186e93d1f5f0f66576536dd66462d940b781a8e0f0e52041d3d3ca604dbfd15a3c4ee196780ecf23d9145edb997d9927a9f2261aaecb305ab7fe4

  • SSDEEP

    12288:8urQ2eY45lYMxuqLOjy9lmbCKyBXUe7S/kVpprgPs:nGlY8xheO/ke7SaR

Malware Config

Extracted

Family

gozi

Attributes

  • build

    215798

rsa_pubkey.plain

Targets

    • Target

      8541c3e5a2fea353fab1657575993319_JaffaCakes118

    • Size

      534KB

    • MD5

      8541c3e5a2fea353fab1657575993319

    • SHA1

      95383648af291e339dfa628a3950686e822e93d5

    • SHA256

      4897564a8c3fd201eb272b044f8c17a2518e6cc10fa6d1bbff806b4f012805ec

    • SHA512

      0ce82bf2397186e93d1f5f0f66576536dd66462d940b781a8e0f0e52041d3d3ca604dbfd15a3c4ee196780ecf23d9145edb997d9927a9f2261aaecb305ab7fe4

    • SSDEEP

      12288:8urQ2eY45lYMxuqLOjy9lmbCKyBXUe7S/kVpprgPs:nGlY8xheO/ke7SaR

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks