Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
TNT Shipping Document.exe
-
Size
620KB
-
Sample
230921-gx6qbsdg7x
-
MD5
0593245b016a4aabdd56134224efa148
-
SHA1
62aa8ce315251c033878e82324d786dc2c2f2ec1
-
SHA256
ff87df006fb01a3f40c3eaa5f64efbb699378e096c28d4179eb5b3c023774acc
-
SHA512
f5391c70a233be9568d252e8b920cec388817c04ab3a7dfc691c3b1e68743ed46db3261eb1080053b207631cb5e45e5226443ee64b8ed8c989a334f4652e6e2a
-
SSDEEP
12288:/UZqEisUH/iA0ZTCFmTGpU3TEtxQ4CcH0R5SH9+yF05IyrsgpWVa6AJ/qn:qqEWpuCY/3T3jEd+e05IEhpF6+qn
Malware Config
Extracted
formbook
4.1
cy12
routinelywell.com
traderinformation.com
xv1lz.cfd
elfiensclinic.com
dfwtexasmilitaryagent.com
gb3p8a.com
ofcure.com
kslgd.link
apexassisthubs.com
270hg.com
spacovitta.com
mattress-info-hu-kwu.today
jakestarrbroadcast.com
modestswimwearshop.com
game0814.com
gec.tokyo
growwellnesscoaching.com
thefavoreats.com
gaasmantech.net
mloffers.net
Targets
-
-
Target
TNT Shipping Document.exe
-
Size
620KB
-
MD5
0593245b016a4aabdd56134224efa148
-
SHA1
62aa8ce315251c033878e82324d786dc2c2f2ec1
-
SHA256
ff87df006fb01a3f40c3eaa5f64efbb699378e096c28d4179eb5b3c023774acc
-
SHA512
f5391c70a233be9568d252e8b920cec388817c04ab3a7dfc691c3b1e68743ed46db3261eb1080053b207631cb5e45e5226443ee64b8ed8c989a334f4652e6e2a
-
SSDEEP
12288:/UZqEisUH/iA0ZTCFmTGpU3TEtxQ4CcH0R5SH9+yF05IyrsgpWVa6AJ/qn:qqEWpuCY/3T3jEd+e05IEhpF6+qn
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-