General

  • Target

    Swift Copy #09765.exe

  • Size

    690KB

  • Sample

    200708-8ja2t1vtl6

  • MD5

    f3b1bf9839a7f65a913e8298bb9ded82

  • SHA1

    c1b180b445500bbfbec473409683fb150afea3a2

  • SHA256

    ea9d8c28e623cbabc1407aa3da7a681adb93ef3e758fe31aaf664ff3998cddb5

  • SHA512

    ce230ee76f1cce30226df6a5f15e7f807638a7e356e44cc17bb60aac84630975b2ce516f129e8addb0483ae72be5991ab9c495f3f18be97a913a46b57dbfb0d4

Malware Config

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Adds Run entry to policy start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
