General

  • Target

    JaffaCakes118_780756c58425c61a91979e54c294303ea45225f074f41f3540d561fcb0497bd9

  • Size

    625KB

  • Sample

    241224-mr9gxsvpds

  • MD5

    90a86c658c725743548a5b25bc6e31cd

  • SHA1

    627bcba8ee788e79ce0806e1fab6ec6e8900a4c5

  • SHA256

    780756c58425c61a91979e54c294303ea45225f074f41f3540d561fcb0497bd9

  • SHA512

    d98a8fcb79db78cc67b261623faff1089cf574cc72d2d78fbd58fd34dc03f87234cab14baaea42f26faaf258486f62cc7ddc95dc7edb79f00da7bed9b68f212f

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z5:+w1lEKOpuYxiwkkgjAN8Z5

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks