General

  • Target

    EFT Payment 27September.exe

  • Size

    426KB

  • Sample

    220927-rsnztsegdk

  • MD5

    99128801351b81b164690fb32ddfe74f

  • SHA1

    f8f2a0beaf18ce9311ada5ae7fd8dde3914771de

  • SHA256

    fac949564f4665701edaee8c5228133b6c84842fef319a82e8909ddeaa215de6

  • SHA512

    22a6f3d58634d462fd4281dbe2b975df010056bf2b385be110256430289d198640422f0a149607ad72d331bd34cf769fb09d80d22b05da4817d6d1c6db2f91bb

  • SSDEEP

    6144:EKTmSHR5ZwZv+Wxt5+3GE4msba3k4kwsEYA8Ki:XT/x5Zw1+WlA2Vb4kJbEYu

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    tg49

  • Decoy

    (list of decoy domains from the extracted configuration omitted)

Targets

    • Target

      EFT Payment 27September.exe (hashes as listed under General above)

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext