Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    JaffaCakes118_3e35f46034be93a792b8476461455856036349b40b7b850892dfeae3f2465ac2

  • Size

    625KB

  • Sample

    241224-q56vqsyqbn

  • MD5

    05d7cc78ea824d5b261c5556229c36d8

  • SHA1

    ea9afb96681884367184bbb873752989f164f08f

  • SHA256

    3e35f46034be93a792b8476461455856036349b40b7b850892dfeae3f2465ac2

  • SHA512

    05894cf211cf1df8fa2ce7bc2b46ea03c76f5fa0a3957bfb23556ae5f3b5635aee8b5d3301e0878dd3d227c9b8e2ef145f971571bdd9ac0f0a53099714e8525d

  • SSDEEP

    12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zy:+w1lEKOpuYxiwkkgjAN8Zy

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes
  • base_path

    /phpadmin/

  • build

    250227

  • exe_type

    loader

  • extension

    .src

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      JaffaCakes118_3e35f46034be93a792b8476461455856036349b40b7b850892dfeae3f2465ac2

    • Size

      625KB

    • MD5

      05d7cc78ea824d5b261c5556229c36d8

    • SHA1

      ea9afb96681884367184bbb873752989f164f08f

    • SHA256

      3e35f46034be93a792b8476461455856036349b40b7b850892dfeae3f2465ac2

    • SHA512

      05894cf211cf1df8fa2ce7bc2b46ea03c76f5fa0a3957bfb23556ae5f3b5635aee8b5d3301e0878dd3d227c9b8e2ef145f971571bdd9ac0f0a53099714e8525d

    • SSDEEP

      12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zy:+w1lEKOpuYxiwkkgjAN8Zy

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks