General
Target: 73cb9c68b47d45884c4cbdb18d45a63a4d67a1f22ab8cb2a6ec92423cd77948d_JC.exe
Size: 587KB
Sample: 230815-s4g64abe58
MD5: 28add1243c433986dbb73ef4e6763fa1
SHA1: eb5c172e07f5f8b7e30417ee8547a58b05996756
SHA256: 73cb9c68b47d45884c4cbdb18d45a63a4d67a1f22ab8cb2a6ec92423cd77948d
SHA512: af35f5f3540b3110602222f917ea9fa76cf743573826d3e1a89472ed7623d88be97cd7c9f4c3d9c8b38d0ff7d2bed2c708809a1cda5de93990389e3bd6970542
SSDEEP: 12288:3r4lrrr/zYPeL3bhmL8NnTl/EOnOzfAq3zStUunsB:3r4lXr/zieL3boQRlNn3q3ujns
Static task: static1
Behavioral task: behavioral1
Sample: 73cb9c68b47d45884c4cbdb18d45a63a4d67a1f22ab8cb2a6ec92423cd77948d_JC.exe
Resource: win7-20230712-en
Malware Config
Extracted
formbook
4.1
d6dt
Targets
Target
73cb9c68b47d45884c4cbdb18d45a63a4d67a1f22ab8cb2a6ec92423cd77948d_JC.exe
Formbook payload
Suspicious use of SetThreadContext