Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
tmp.bin
-
Size
605KB
-
Sample
230505-ztdjgsgh3x
-
MD5
cb62322bf94c2372c0c4c0383f3c2a23
-
SHA1
7b628d08dde66fe82002c908a1cdca11db5d54ed
-
SHA256
f641f1a87ee2a760b79417b410c52137c114e2618529bb90a0f281967975476e
-
SHA512
8a43cc7a3d2f6ebd5bd3bddc6577d435ac421697a3a8ca34074a29bdc716b589e87684e1cc5ae8d1007ef22e69e72cb0393c45c2f9f681fee3e0a7acec7f4237
-
SSDEEP
12288:FYmXlA7G3NFi0b7BMAsSMMT6sOhOIbw9SopRGdovnyo6VNglbXT:F5aS9Fi0b7BPl569I4p4G6vn32SbXT
Malware Config
Extracted
formbook
4.1
tf6p
poolcleanerskingsland.com
nieveslandscapee.com
wb263.com
smartlubetrading.com
linuowen.com
fna-seattle.com
jobgenie-ai.com
mycocktailmind.com
openai-invite.com
tnndjf5kyxz.com
mclane.attorney
somwear.xyz
spliffstudios.com
grupofaace.com
wuuwo.com
bigtimerushcharlotte.com
yourercchecks.com
arportablepottyrentals.biz
sbtsanantonio.com
explantationsbegleitung.com
Targets
-
-
Target
tmp.bin
-
Size
605KB
-
MD5
cb62322bf94c2372c0c4c0383f3c2a23
-
SHA1
7b628d08dde66fe82002c908a1cdca11db5d54ed
-
SHA256
f641f1a87ee2a760b79417b410c52137c114e2618529bb90a0f281967975476e
-
SHA512
8a43cc7a3d2f6ebd5bd3bddc6577d435ac421697a3a8ca34074a29bdc716b589e87684e1cc5ae8d1007ef22e69e72cb0393c45c2f9f681fee3e0a7acec7f4237
-
SSDEEP
12288:FYmXlA7G3NFi0b7BMAsSMMT6sOhOIbw9SopRGdovnyo6VNglbXT:F5aS9Fi0b7BPl569I4p4G6vn32SbXT
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Blocklisted process makes network request
-
Deletes itself
-
Suspicious use of SetThreadContext
-