Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bazaar.abuse.ch/download/6c8bb939433b05a8b56b08ef68f8c5b5f396bc2b5454ec09d4ee1654951ff463/

  • Sample

    231008-tr9agsea9v

Score
10/10
formbookhesfratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hesf

Decoy

rizublog-aromama-a.com

87b52.club

allportablepower.com

brownkrosshui.com

schuobu.fun

qevtjrobrb.xyz

throne-rooms.com

hostcheker.net

buzztsunamiloja.com

kkudatogel27.com

91fulizifen.com

148secretbet.com

outlookthailand.com

zonaduniabet.net

boursobankk.com

tuneuphypnosis.com

sahabatzulhelmi.com

usbulletinnow.com

durdurdarshi.com

zz-agency.com

Targets

    • Target

      https://bazaar.abuse.ch/download/6c8bb939433b05a8b56b08ef68f8c5b5f396bc2b5454ec09d4ee1654951ff463/

    Score
    10/10
    formbookhesfratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks