General

  • Target

    JaffaCakes118_10793e2d156728f10f3293f7794e35c1dba56e7cb5401fd45f15f2505bd6bb88

  • Size

    626KB

  • Sample

    241224-n4f7kswqey

  • MD5

    f7db55ba4dcd3bd1c9b193e0a05ea33e

  • SHA1

    9039fc5e59ab7a6320d10ffdb78b053849c349da

  • SHA256

    10793e2d156728f10f3293f7794e35c1dba56e7cb5401fd45f15f2505bd6bb88

  • SHA512

    7c4e7ab59abe31a03789138f67c9a78159c68333f2efd3383cf1eb6d35b6c4c0c274d3fae70f8f679ed9aaab9792167818e3245ba77106a157f3c57df5e32195

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZF2:+w1lEKOpuYxiwkkgjAN8ZY

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      JaffaCakes118_10793e2d156728f10f3293f7794e35c1dba56e7cb5401fd45f15f2505bd6bb88

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks