General

  • Target: 764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de.exe
  • Size: 865KB
  • Sample: 220929-srbhsabcc7
  • MD5: 6cec68a114c5819a40c4b2d5fcf842da
  • SHA1: 96d986f3ee7b4e8df59868337621d282ece89474
  • SHA256: 764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de
  • SHA512: 58265c58039a514d7cd888c612a15ea1073ad209cf72627aa20b11f0a53351d42bf6a5a01860da5c22036e38fe17ec5f00d914f29992b9a062d7958556688341
  • SSDEEP: 12288:+UxjsqTpr6h76xNUNpkUmVhzKMJBjUwkBrjXr5dsAjPJc:1pTlr6d6QTkpVJ9TYwoTs

Malware Config

Extracted

  • Family: formbook
  • Campaign: tbgn
  • Decoy

Targets

    • Formbook: Formbook is a data-stealing malware family.
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks