Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
aa05023887117e6f52dce6ae40dcab9d.exe
-
Size
272KB
-
Sample
230213-tk7s3sdg41
-
MD5
aa05023887117e6f52dce6ae40dcab9d
-
SHA1
3f6c3e8cc656a436be4ddbc248432e48dcd8aa0d
-
SHA256
6c3654d20a676bf9b7f77546e23bfb3a7d2d23f1d535d0feced966a22ece5d60
-
SHA512
329d06ab016a9413e5320170d1ede46dc50d3a4aea13efc600919858e8100ff3b56b8934f0815a4f3cfed45e7641488f9768b6635c03504ba958194287584362
-
SSDEEP
6144:BYa6q6/iwjO/07RXNHT0uZ0w+5IoujNbjcgTAgqZ6VOmA+:BYcKji079BV0/IVNbQgMkw+
Malware Config
Extracted
formbook
4.1
sk29
adobeholidaylego.com
labassecourdecaro.com
whhlbz.net
aikxian.net
myimmigration.net
etribe.info
fercosgru.com
everbrighthouse.com
finepizzavegesack.info
mesuretonradon.com
escopic.art
mapzle.com
panachesports.net
alabamasbesthvac.com
esghf.com
usrisik.com
activseal.com
eventplanningpros.africa
adufyuwefjdfuiwefl.site
kornilt.com
Targets
-
-
Target
aa05023887117e6f52dce6ae40dcab9d.exe
-
Size
272KB
-
MD5
aa05023887117e6f52dce6ae40dcab9d
-
SHA1
3f6c3e8cc656a436be4ddbc248432e48dcd8aa0d
-
SHA256
6c3654d20a676bf9b7f77546e23bfb3a7d2d23f1d535d0feced966a22ece5d60
-
SHA512
329d06ab016a9413e5320170d1ede46dc50d3a4aea13efc600919858e8100ff3b56b8934f0815a4f3cfed45e7641488f9768b6635c03504ba958194287584362
-
SSDEEP
6144:BYa6q6/iwjO/07RXNHT0uZ0w+5IoujNbjcgTAgqZ6VOmA+:BYcKji079BV0/IVNbQgMkw+
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-