General

  • Target

    tmp

  • Size

    1.1MB

  • Sample

    220909-nyaslsbhbr

  • MD5

    911b41caf07e1358460415fe7ddc9ba5

  • SHA1

    2a2e2120055b91824166b4cbecb86b25cab7a6f1

  • SHA256

    4562af450cbc44c9ddf59509c802f83abcc2dc66a2eccc0b734ea7ceded60522

  • SHA512

    92f5410901ce62f81bd2d1e0e86cd3492b05fcf415a271e9784994239296b3001e1a53b5ff176d1c3cc09fa42ae1e0c379cada397c74d7e232590e048938b80d

  • SSDEEP

    12288:imIFTT41hw4e/ehLrz9+maNmNR734hodpBXk8jB6rSDdrCsv6ySk1hw4e/:lIF/L4LJwNmNYqpBXXQCOsvu4

Malware Config

Extracted

Family

formbook

Campaign

nytc

Decoy

xxa3lYw6m81Pd//kzzAdG4U=

YXZAfGEJkwXABM5TR/E=

hUbaOQOt0DYguI9XS8pwJrEZWmU=

A/ygqm4Kfa0kUcnqnsJDp+zEWGM=

RORz56hFPHnrLO2iW0+9

iqg4UizXgbNRcvmiW0+9

VRTafWQvdNtipVkn5VtZyrF/+rnbCQ==

gQueRkb7G4Z/Jvu3qBQZNo8=

ePKbHxG8f76FOQesODERPA==

fHESMDnjE3MqK+7b

0k/peV8LzCGeqzU7ODERPA==

cTQPl24ePactS+KiW0+9

pjTaSRTKnctzqirmZx/oa3X0tg==

aAWYMRriqLzAA85TR/E=

tDgT5cRmmQqRpFrkpR+4

drFaFOGXywjGUxzL9wm++AOs

Okbd//qcDXIbai4QB7WKaH+p6bEPPfgV

ae/IhkTwKWcXT9mY6A+++AOs

eEbmHeuHEHk4xoclVxQZNo8=

C2I8W0/9c+jsDk/CmEn8Ng==

Targets

    • Target

      tmp

    • Size

      1.1MB

    • MD5

      911b41caf07e1358460415fe7ddc9ba5

    • SHA1

      2a2e2120055b91824166b4cbecb86b25cab7a6f1

    • SHA256

      4562af450cbc44c9ddf59509c802f83abcc2dc66a2eccc0b734ea7ceded60522

    • SHA512

      92f5410901ce62f81bd2d1e0e86cd3492b05fcf415a271e9784994239296b3001e1a53b5ff176d1c3cc09fa42ae1e0c379cada397c74d7e232590e048938b80d

    • SSDEEP

      12288:imIFTT41hw4e/ehLrz9+maNmNR734hodpBXk8jB6rSDdrCsv6ySk1hw4e/:lIF/L4LJwNmNYqpBXXQCOsvu4

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks