General
- Target: DHL-081023.exe
- Size: 1005KB
- Sample: 231008-s777pagb62
- MD5: e9577305797da56c4538f35d2da1e6ef
- SHA1: 4b19ed069368fa3b9433c9c8d8b4a050dfae77bc
- SHA256: 6c8bb939433b05a8b56b08ef68f8c5b5f396bc2b5454ec09d4ee1654951ff463
- SHA512: 28427e4d980c8aceb27fe0fd31275bf7fbf6fdac1b9730c80ff9e3917c6b064b0a605f83c0df3fd7cc0642305797e159711ffe5f94f6aaa3d42d3cc8373077f5
- SSDEEP: 24576:NTbBv5rUanWnNr75xArQDF8XhV+dFGa6mPcyGJzQfs8FiNGVDoB:HBjWnd7HbghVRoGBQfookB
Static task
- static1
Behavioral task
- behavioral1
- Sample: DHL-081023.exe
- Resource: win7-20230831-en
Malware Config
Extracted
formbook
4.1
hesf
rizublog-aromama-a.com
87b52.club
allportablepower.com
brownkrosshui.com
schuobu.fun
qevtjrobrb.xyz
throne-rooms.com
hostcheker.net
buzztsunamiloja.com
kkudatogel27.com
91fulizifen.com
148secretbet.com
outlookthailand.com
zonaduniabet.net
boursobankk.com
tuneuphypnosis.com
sahabatzulhelmi.com
usbulletinnow.com
durdurdarshi.com
zz-agency.com
jf66899j.com
artplex.store
beautyhubaustralia.site
tygyro.com
ludio.biz
ruochen.xyz
smartvoiceinsurance.com
shayun.net
poston.app
othersidewear.com
620tom.com
100mileview.info
wedding-nanny.com
betadda777.online
passiveprofitsathome.com
tobivausm.party
171301.com
sua-tang-chieu-cao-hiup.top
pancakesandwaflesbeverages.net
sahilsachdevaapps.app
home-workout-ideas.com
allpaleoclimb24.com
vkcardrivingschool.com
claimfine.com
im-newbie-journal.online
ybring7.com
svgco.life
joeysdoor.com
elixirsiroptonic.com
1320detailingsupplies.com
olimcreative.com
trinityoutboards.com
zerofeelettings.com
pendletonofficial.shop
carneywaste.com
schistdisc.com
neomusic.net
blackberrygrove.com
homespy.net
gdbushuo.icu
luxury111mb.com
akumaterial.com
drakenskloof.com
px6k4a.shop
jimenezfarmersinsurance.shop
Targets
- Target: DHL-081023.exe
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext