Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

Quotation #10091.exe

windows7-x64

10

Quotation #10091.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25092024_0650_24092024_Quotation #10091.zip

  • Size

    744KB

  • Sample

    240925-hl7zpatfpf

  • MD5

    b81aa1557e649e0ef4c44a79e665f742

  • SHA1

    c9c933bee9c26c4b180c7cb9f7d995ce8f24be28

  • SHA256

    682488669b570454581b7b20875cf3f95734ca8da117ebedc23a13b4ebe01a70

  • SHA512

    b9e3c39b6b7129c4f94e4c92cddbc079cd7a7b7c3afe86553285ff9e71d12c0a21d76749f9c4302e5792ea22e00a21b6ca8fecb4fca3fc4d90b9a58684e4f546

  • SSDEEP

    12288:R/gBT51V14eECqni+Oa84aR73OyCsGh5eUVtx6AfDieqV2jqPH88bGVUCYv+e:9gBTS7nt+3DvCVh5eAtxDGevjqPH88/f

Score
10/10
formbookc89pdiscoveryratspywarestealertrojanupx

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c89p

Decoy

ftersaleb.top

dcustomdesgins.net

ostbet2024.live

rhgtrdjdjytkyhretrdjfytd.buzz

atauniversity.tech

idoctor365.net

x-design-courses-29670.bond

ellowold-pc.top

ransportationmmsytpro.top

areerfest.xyz

artiresbah-in.today

ijie.pro

torehousestudio.info

69-11-luxury-watches.shop

earing-tests-44243.bond

hits.shop

hzl9.bond

lood-test-jp-1.bond

livialiving.online

usymomsmakingmoney.online

Targets

    • Target

      Quotation #10091.exe

    • Size

      758KB

    • MD5

      6e39ee33f6527364cac3cc4bbf276f26

    • SHA1

      a7c12eef84ae778ce5158327d419508eb5b199c8

    • SHA256

      1a52416bc054c0f2a46f2fd215d73d3285334fcdacf02ed449935bd93fb70863

    • SHA512

      d06164091fe866df2626377b2d2589d9da291c73aff55b40db1844e32290c1f5e37b1ba8155ee02a351366df5a8862ce0b2e5b28a9b14b65cd568064cde28a78

    • SSDEEP

      12288:v6Wq4aaE6KwyF5L0Y2D1PqLVRX3OyQsAhJYUVTx6AflSeqz2jqPB88bYVUCYH5g:tthEVaPqL7nvQlhJYATxDYeHjqPB88ZO

    Score
    10/10
    formbookc89pdiscoveryratspywarestealertrojanupx

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.