General

  • Target

    JaffaCakes118_7d618a32aac4de75779d8e57adc89973d472a09fc8e24fc93f17fca6a1d063e1

  • Size

    626KB

  • Sample

    241224-ne6qyawlc1

  • MD5

    a2add8ac228debe4cf5191ac7ea45298

  • SHA1

    12456f2508e08eca0f07e1246fad4ba5ecc4cf39

  • SHA256

    7d618a32aac4de75779d8e57adc89973d472a09fc8e24fc93f17fca6a1d063e1

  • SHA512

    9ee18930a51d7808959ff7e7ea48a865dc5e1d7f280f00ce60612bb1a6a28a5a8153576beb8aa6b598de27d634311ea6eb142e4ca211bfab90e46356610256eb

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZY:+w1lEKOpuYxiwkkgjAN8ZY

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks