Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

oldmama.m83.exe

windows7_x64

10

oldmama.m83.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    oldmama.m83.exe

  • Size

    179KB

  • Sample

    200710-kjt146avzj

  • MD5

    8ab3e8276a19c042ec7a789e86462aea

  • SHA1

    86904ffb2bdf8fa3e864ab50471bc8086e720999

  • SHA256

    035c2fa5d912202dd34e8410b14a42b0db007c2be8ed819bbc444f9818497f5b

  • SHA512

    9c9ad8236eb69ae9a748d83ac35224d4de0a563ba0af0431e85a4354f5e81fe5ab0491d2c0f5bbc2c61789f27889545731db5fcd16a6a0264845517422afa78d

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      oldmama.m83.exe

    • Size

      179KB

    • MD5

      8ab3e8276a19c042ec7a789e86462aea

    • SHA1

      86904ffb2bdf8fa3e864ab50471bc8086e720999

    • SHA256

      035c2fa5d912202dd34e8410b14a42b0db007c2be8ed819bbc444f9818497f5b

    • SHA512

      9c9ad8236eb69ae9a748d83ac35224d4de0a563ba0af0431e85a4354f5e81fe5ab0491d2c0f5bbc2c61789f27889545731db5fcd16a6a0264845517422afa78d

    Score
    10/10
    spywareevasiontrojanstealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks