General

  • Target

    DHL Original Documents.exe

  • Size

    1.7MB

  • Sample

    230211-lpc59sde5x

  • MD5

    13ec30f42d53faabbd8fb6e8b2330b20

  • SHA1

    83b7d48d36322f65ce94860617a0ce5b2627e573

  • SHA256

    9d6cbe10eb774bdafa9f34a374b224198b82cba5516412d5463cd84da979307b

  • SHA512

    274ac1237c978a144c1c13796bcf07130b213a674b8d595b79a7474cc263ddf4ba20d0f709c40fa2d67ba4aecd6d2961bee8743de0bc63405bc5ab543018050d

  • SSDEEP

    24576:PGAIUP/CgC8+YlJGuKiCfnQtxvezi6cnP32qejmhn4Q/1IZ1om5mog4MHqVMBie1:htzg1oumhP32qejm2AWHMKwWrIR

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dv02

Decoy

Targets

    • Detect rhadamanthys stealer shellcode

    • Formbook

      Formbook is an information-stealing malware family.

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Formbook payload

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
