Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1c859efff6b87e725cbc02d9b8e383488f243ad2eef13793ef2a2e2ec31bc4ce
-
Size
296KB
-
Sample
231010-thaessgd63
-
MD5
5f504990a01f532069bd4876d831a970
-
SHA1
8d99ae0a7cf71bedbad0e54b0d81290a4e34e54a
-
SHA256
1c859efff6b87e725cbc02d9b8e383488f243ad2eef13793ef2a2e2ec31bc4ce
-
SHA512
4c36ce7f77fe52e63863fb209d86869f78113a82e9b3b7c61ab657dfd27dae5939dc34f59bfee5c90b426813140dc8a91c8ea036650f483e6211ff4edaa9e7d1
-
SSDEEP
6144:9uqWke0GeTjVu6qLEci+yOGNImKDLJpg2KvWgcOhM6WS:92k5FuXLEcCImuLRwW9HS
Malware Config
Extracted
formbook
4.1
dz01
advisoros.com
harmonyhomeinteriorstx.net
nyhfqrqvxg.com
fugentrade.com
geasme.com
shopsolary.com
wildwasser.club
henryclarkandassociate.com
klodytb.xyz
jsjnbf.com
vivelosupport.com
dealflowrealestate.com
piabellacasino346.com
wdkilat.site
djpedrocruz.com
fmovies.coach
auroreal.com
1win-esw15.fun
hmdfxx.com
gems-spot.com
Targets
-
-
Target
komut onayı.exe
-
Size
309KB
-
MD5
b39a94908d4fe100dc9187de974a365c
-
SHA1
6882de6ac7ac89779fc9bd59c0f4499b5aa43e71
-
SHA256
68e6d2750f1617386ddf6ad75b2d03e1b6522e64fd7da365235e7041faa60dbe
-
SHA512
e5e1c8331c598ae99b732d79188b91b2116ea4e13fe239c83755269c29fe272ccecade3ba0cc4e5e0f97a1427ab45c70db8d9366fb1775041ad8fd4e485ac3fc
-
SSDEEP
6144:pXFKo5lJFjoGeThVuSqdEcimyOGNIm0DLJpg2KvkgcOFM6Te:pXRJ+vuPdEcsIm4LRwk92e
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-