General

  • Target

    JaffaCakes118_07edeba3ad227fd058c4b648434821ffb57fbd37ef8abd01eedd4fce4d6b87d4

  • Size

    625KB

  • Sample

    241224-pzr9qaxngz

  • MD5

    4991d89d6cf342b37cf02853a952bb24

  • SHA1

    5e46a0b1e1ce0a14e54be190c20cfd7a9018af83

  • SHA256

    07edeba3ad227fd058c4b648434821ffb57fbd37ef8abd01eedd4fce4d6b87d4

  • SHA512

    48345513b4633d840dbac7008419d38c5660b3b4c3a36a745ef2dfbb41117b08903c793ba3eb1e6fec55ac9eef1d74ab6083f39cc5fb55addff6accda1a38d54

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZAX:+w1lEKOpuYxiwkkgjAN8ZAX

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_07edeba3ad227fd058c4b648434821ffb57fbd37ef8abd01eedd4fce4d6b87d4

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks