Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe
-
Size
859KB
-
Sample
230110-n87kbsbf8s
-
MD5
165d68ffe2a7c302e2510ad41d7fb190
-
SHA1
d04b5f03f71b378705f55757e9f87c19022c49f6
-
SHA256
2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957
-
SHA512
d24d1d4af9bba95e58dd8d84a8842a1f08346edcbed8ddedd98033220d4874e10bffe71ab46ac4380d8dc6605eb48109bb21004e24f1a2d9f01c6bf571ce0a36
-
SSDEEP
12288:qoQgKZ/nXt7virmWhlGLaQYIXvemUMoo4NbSxntD8UzsXMLX7HcRtWLkt3Wuijma:U2mHoo488UzGYX7HS0kt3WR
Malware Config
Extracted
formbook
soo3
ulAoVHCJPFMMCXyU0k8s
gQssJfPDb+58t4k=
CJqTpjOkgMt0gQ==
jpj5qnSxUS0nZ9YOOfA9kw==
wd5b5XFY5eN6dwx3U6VwxRdj8X/F
ETbT5PLdmyyd3/B1Tt8=
v/JoCv2OjOuRiw==
JU/bfD1uA+TuXzEiCANlN1qglMY=
rVpvBOA37dfNB2rDlFvi9jM0
bCgzcDX/q/zJwCdRzs51iO8=
OmvZUJzHUkdL
U37ScNtggMt0gQ==
oynheCRY9snAKbINCZR72Bxj8X/F
mNVWXCXptUsDEhtnxs51iO8=
d4HKWl349Eth1OFEyQ==
O+nh8Lp5G4CKRgdFwQ==
9HkyNjsWo9mj0+IJk9c=
9wJYZ0n/mt297s80gN8tjg==
eTUrRwyugMt0gQ==
EY96tYYp0HQzP1W1/86jibJC0dE=
Targets
-
-
Target
2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe
-
Size
859KB
-
MD5
165d68ffe2a7c302e2510ad41d7fb190
-
SHA1
d04b5f03f71b378705f55757e9f87c19022c49f6
-
SHA256
2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957
-
SHA512
d24d1d4af9bba95e58dd8d84a8842a1f08346edcbed8ddedd98033220d4874e10bffe71ab46ac4380d8dc6605eb48109bb21004e24f1a2d9f01c6bf571ce0a36
-
SSDEEP
12288:qoQgKZ/nXt7virmWhlGLaQYIXvemUMoo4NbSxntD8UzsXMLX7HcRtWLkt3Wuijma:U2mHoo488UzGYX7HS0kt3WR
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-