Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

WRONG PAYMENT_PDF.exe

windows7_x64

10

WRONG PAYMENT_PDF.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WRONG PAYMENT_PDF.exe

  • Size

    370KB

  • Sample

    200707-2fzbkbwaas

  • MD5

    23bdd421e22c233b48e0bf179ec45238

  • SHA1

    7788999310396fb6617b51d55fa7f268bdf79fa8

  • SHA256

    172842029f8937753e79843e36fcb4715c0f3a9de4b256585847df48caf8e10f

  • SHA512

    4bca39de0d75405fbdc8c1a6ed4980b678ff66cd580c44d929d1595a9d8e3f5405ed696862edfb95f823905d3d245d4e360abf3eec2ef41539175d9f51145df0

Score
10/10
formbookpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      WRONG PAYMENT_PDF.exe

    • Size

      370KB

    • MD5

      23bdd421e22c233b48e0bf179ec45238

    • SHA1

      7788999310396fb6617b51d55fa7f268bdf79fa8

    • SHA256

      172842029f8937753e79843e36fcb4715c0f3a9de4b256585847df48caf8e10f

    • SHA512

      4bca39de0d75405fbdc8c1a6ed4980b678ff66cd580c44d929d1595a9d8e3f5405ed696862edfb95f823905d3d245d4e360abf3eec2ef41539175d9f51145df0

    Score
    10/10
    spywaretrojanstealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks