General

  • Target

    JaffaCakes118_b17b74c2d445ffa55af06c089f6347d15b7e1cd50af9765b4187a1a8ae01ab70

  • Size

    724KB

  • Sample

    241225-dtyzjawmav

  • MD5

    fe1abbe385514fb5bd7958052361a5c4

  • SHA1

    3c2ecad8dfd77abcf17a46603c371dd53286e372

  • SHA256

    b17b74c2d445ffa55af06c089f6347d15b7e1cd50af9765b4187a1a8ae01ab70

  • SHA512

    acefdbe79183c8d7903e665c3792b009b62e6114b789e848b630018f8d833a5a467b1b38f9409fd37945cdd5eb04802e374a72620bca431f595266cf446cc2bd

  • SSDEEP

    12288:mvMYnd4uS13zpTPrY0hqqaFRR+gcPDt5OQNCQ99CALRJMPqV3ghvHL0BDIhtN2Li:mvMVuS5tTPrTqPFPsrt5FFDLRyPqV3gv

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1001

C2

Attributes
  • base_path

    /microsoft/

  • exe_type

    worker

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain
