General

  • Target: s.exe
  • Size: 185KB
  • Sample: 220906-wxg5ashbh3
  • MD5: 891152fdc4a9c641e0cf335d289cb83b
  • SHA1: ba22879cc40bc3e561dda82800724e3de91d0f55
  • SHA256: 7b6d4e90afc1063245c198d1333509bac7241f939692cb4110897003994c9e2c
  • SHA512: 2751b0aa82369ecc377a2aaba62f243978d8486b282e89d0ab302ad2bf83a7f8ecac50c99491c7f77d1fc11a70ff50a10f519e6d9f0f2818f8a604821dcd5420
  • SSDEEP: 3072:bTXEayzutz03V6DmMnpN0uWK7yXeBuX+u7bL1Knk11Ua:DRaVszpN0uWtXeBcp/Lcza

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: j02y

Decoy domains:

toplinkstorage.app

danny-mickey.space

0755aite.net

okchurch.info

4tlracing.com

jacksoncafepaola.com

552northvictoria.com

eevakoskela.info

tradecontractortraining.com

abtbank.online

voicetall.com

chicken-shack.com

acmumzo.info

futureclosers.com

bctugala.com

adagihlina.xyz

emprendeahora.pro

bybala.com

hlcp5533.com

ingspira.com

Targets

    • Target

      s.exe

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext