General

  • Target

    JaffaCakes118_9e17c53ecc7fbe361ddc68315c6c7e260a1bb629985af1b7737916313cb8542d

  • Size

    626KB

  • Sample

    241221-2kascasmgl

  • MD5

    0e5eed18c7b33d90fbaeb730e614fee3

  • SHA1

    ac60883a3b157290d3241ef393f2229f6e91faa4

  • SHA256

    9e17c53ecc7fbe361ddc68315c6c7e260a1bb629985af1b7737916313cb8542d

  • SHA512

    efc99c3aa4627b158b2377279bd1b0f80e88ee2e05a260fa9b3c98f8e850ca6b83edb993536e9e454561de5b276583fc2f4b826730c0d9f2d9650e08b4639fda

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZH:+w1lEKOpuYxiwkkgjAN8ZH

Malware Config

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request
