General

  • Target

    JaffaCakes118_fa9484cf6b4c586b3e68b4c47404611300b5aeec8e2725cff1c30d8f4260c2c6

  • Size

    624KB

  • Sample

    241223-xe3hysxnfq

  • MD5

    7ba0f7e7a1998885569584723e501817

  • SHA1

    d9dd8e42a65bc68d81be430c437553048c1b255a

  • SHA256

    fa9484cf6b4c586b3e68b4c47404611300b5aeec8e2725cff1c30d8f4260c2c6

  • SHA512

    41e9fdc8f44f24d7731ffd83aa82de2d640584b2ce1d7c77d828beb10792ff7e848b3972cc8c00e261a5bafc5709d2f8eb8e1da8467a6681750a544a6ffffa3c

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z/:+w1lEKOpuYxiwkkgjAN8Z/

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_fa9484cf6b4c586b3e68b4c47404611300b5aeec8e2725cff1c30d8f4260c2c6

    • Size

      624KB

    • MD5

      7ba0f7e7a1998885569584723e501817

    • SHA1

      d9dd8e42a65bc68d81be430c437553048c1b255a

    • SHA256

      fa9484cf6b4c586b3e68b4c47404611300b5aeec8e2725cff1c30d8f4260c2c6

    • SHA512

      41e9fdc8f44f24d7731ffd83aa82de2d640584b2ce1d7c77d828beb10792ff7e848b3972cc8c00e261a5bafc5709d2f8eb8e1da8467a6681750a544a6ffffa3c

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z/:+w1lEKOpuYxiwkkgjAN8Z/

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks