Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    JaffaCakes118_036fccec7d4a6bb1b47913b9b3be46c157ed8ea867b4ace960a5a32210d17388

  • Size

    625KB

  • Sample

    241224-nhrq7awpdp

  • MD5

    896d3753179052264431450a58dbca53

  • SHA1

    77066307ad6f1db82c9ccfb5c8335a8c3ee51565

  • SHA256

    036fccec7d4a6bb1b47913b9b3be46c157ed8ea867b4ace960a5a32210d17388

  • SHA512

    abc3628093c25a3a50996729e6e029df6833da233a8928e4736941b6bcc554564765d38b2b5b775148d9ef28e5903038bb0a8cabbec65e88202c3663d2d9074f

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZZ:+w1lEKOpuYxiwkkgjAN8ZZ

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_036fccec7d4a6bb1b47913b9b3be46c157ed8ea867b4ace960a5a32210d17388

    • Size

      625KB

    • MD5

      896d3753179052264431450a58dbca53

    • SHA1

      77066307ad6f1db82c9ccfb5c8335a8c3ee51565

    • SHA256

      036fccec7d4a6bb1b47913b9b3be46c157ed8ea867b4ace960a5a32210d17388

    • SHA512

      abc3628093c25a3a50996729e6e029df6833da233a8928e4736941b6bcc554564765d38b2b5b775148d9ef28e5903038bb0a8cabbec65e88202c3663d2d9074f

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZZ:+w1lEKOpuYxiwkkgjAN8ZZ

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks