
General

  • Target

    quotation List #039.pdf.exe

  • Size

    325KB

  • Sample

    200710-emksb34y66

  • MD5

    2b1b6a99d9427ced3bcaaf141dd36b34

  • SHA1

    43e55e4c97dd72e3186e1849242f3cd62d991bd6

  • SHA256

    36f76be816898a8ac90603edeed2ff90983d062f047f6e00c66d54964c582cc8

  • SHA512

    1b73afad027bf565e0e4007ee5c6d0cd5b2420182c4de7179dcef7f7f91789aabab8a2b4efd17a5cd50432c3598ced5058130104daa57d9f0f8b71c4fd41b1fa

Malware Config

Targets

    • Formbook

      Formbook is a data-stealing malware family (an infostealer) that harvests information from infected hosts.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
