Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7604b60990297c5b6f34db41501c0297dbeac0f303377ccc92c4092579b2c846_JC.rtf
-
Size
50KB
-
Sample
230805-rm83tadc39
-
MD5
50dc985e3749a03e19cad19ecf48888e
-
SHA1
b800887d75f8cfe2f55541e7d201e94e46ca8ab1
-
SHA256
7604b60990297c5b6f34db41501c0297dbeac0f303377ccc92c4092579b2c846
-
SHA512
f71edc4d2f9440c66b9acc0e90e36c65d412f4f8b247f6cca1f20137e3ba320a1493e5cca80e2aaaca2610b35e6c960cb0997066c3c921aea63dc61279bb40e0
-
SSDEEP
768:zwAbZSibMX9gRWj4rOoE3M04JUNWMgQvWx1BuYUdVJ:zwAlR/23KUNWdjrUdVJ
Malware Config
Extracted
formbook
4.1
oy30
rfc234.top
danielcavalari.com
elperegrinocabo.com
aryor.info
surelistening.com
premium-numero-telf.buzz
orlynyml.click
tennislovers-ro.com
holdmytracker.com
eewapay.com
jaimesinstallglass.com
damactrade.net
swapspecialities.com
perfumesrffd.today
salesfactory.pro
supportive-solutions.com
naiol.com
khoyr.com
kalendeargpt44.com
web-tech-spb.store
Targets
-
-
Target
7604b60990297c5b6f34db41501c0297dbeac0f303377ccc92c4092579b2c846_JC.rtf
-
Size
50KB
-
MD5
50dc985e3749a03e19cad19ecf48888e
-
SHA1
b800887d75f8cfe2f55541e7d201e94e46ca8ab1
-
SHA256
7604b60990297c5b6f34db41501c0297dbeac0f303377ccc92c4092579b2c846
-
SHA512
f71edc4d2f9440c66b9acc0e90e36c65d412f4f8b247f6cca1f20137e3ba320a1493e5cca80e2aaaca2610b35e6c960cb0997066c3c921aea63dc61279bb40e0
-
SSDEEP
768:zwAbZSibMX9gRWj4rOoE3M04JUNWMgQvWx1BuYUdVJ:zwAlR/23KUNWdjrUdVJ
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-