General

  • Target

    c9ccade124b44534d0ff46033c9262f6_JaffaCakes118

  • Size

    256KB

  • Sample

    240829-2xravswanf

  • MD5

    c9ccade124b44534d0ff46033c9262f6

  • SHA1

    a89aeca95a6b30060f5efcbefb215d0648065f61

  • SHA256

    cbd43bdcb7e75cff1e937fe47faa7770647da504aa28fbf3f1b7415ac282456e

  • SHA512

    6d3b6b76d25363cfd7d4c600fe6508c1d293f0b584d73559c5717305ac84ec36fd5785d39b857db47f4905b6d5aa081727d1fe0f112d7e50af542865fcbabaa7

  • SSDEEP

    3072:FJ2S2L6KbqDCwcrM1ROZL009C9wIi/xRui+PXBjdyWSFCSKVbLGt83NRF3qujHvV:F8LxBs1ROJ0HVi/xNCRjdkFuOt8dTal+

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3dy

Decoy


Targets

    • Target

      c9ccade124b44534d0ff46033c9262f6_JaffaCakes118

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/mfhecv.dll

    • Size

      30KB

    • MD5

      e97a552be97bf8ca0cd083250ef8b343

    • SHA1

      8283294c2b23684bf1aa6bdc7729ef80efcf7673

    • SHA256

      7ae5225917f9eb18e030e2aad1c0b9f7a3fc5789986e9222281cb3663d5f0775

    • SHA512

      0f9f53254f11ee2f3cf757ba5459c8380bd07872cbb12a5dc0a681f978e5c10eb136bca57de593adbd806980d1484896a47ab4eaab1794c98113b80992e9a07a

    • SSDEEP

      768:AYYsBQJDh7wN4Ce1k95WuPO8P9se1wcEWTF9D8E:AoBQJD6LPO8P9fwcE0qE

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
