General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.1463.exe

  • Size

    1.1MB

  • Sample

    220908-m3dvdsbegk

  • MD5

    0ce09a0d9e6f501f9b4839058a712ef6

  • SHA1

    de969216ac3b44862c490f0d8e74911fe36915e0

  • SHA256

    68ecb3a0784bbfd4ac9f3d1c76cfc09cff02b4298839e2e1b293e9ef8833b265

  • SHA512

    b63d3616ece35dbe634558a79d7d6cacc1b5d237288b440aa1f9e0e78c73f9cc1875e590dfed4269cb0b1ae41f982e388d9da0563a752371d33da83ff5745843

  • SSDEEP

    12288:2qDhBzE3BExvIGnv9friMBm2pIsVMspKeUlP4ysY/LC+kobWX6GeakXwM:lcREqGFfri63K1sY/LoqWX6F7f

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    s92n

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks