General

  • Target: Invoice 16-36-55.rar
  • Size: 633KB
  • Sample: 220930-kft7radhcr
  • MD5: fefa9766790499708464fa8109a7a811
  • SHA1: 5d0165ee039edcf97af4fc475d8d06a255348664
  • SHA256: 334390d9684d06ddf9cba6191fc5ae450c3c8bcc3f3b0b667a855779573a2020
  • SHA512: c7223adcc758550877edc365d5e642638eb96d8e0b8201756779feb444b038f6fc880d4e5c66610a7e807a04ad419a38c303b3fbb089d72e1fbf5b8eaf0ce7e9
  • SSDEEP: 12288:NEaQbPGIvFPkkq1Qsw6rrv5pYHHGWiBMKZsYgAJpa7nRzP32qIZQoO:NHYevk6Qx6JOHGW3KGTAD8RzZ0y

Malware Config

Extracted

  • Family: formbook
  • Campaign: d6iz
  • Decoy:


Targets

    • Target: Invoice 16-36-55.exe
    • Size: 918KB
    • MD5: c5b76d08e1571dfd19d3ab265ec85b2f
    • SHA1: e9efd2d3ed741511025c1f1b0f1eb1d97aab111d
    • SHA256: 10610b7b6275e7e957ad8992b94b7488d1d55ad72a169f1abc5410f10c717484
    • SHA512: bc99f126b422cf373af6f5851e7368471e0505e56a42f207a2d79b407fb3de95ebc1defe1ee0cfbaf46f09b3a514ebd45b3ca0195fdf0f8e2d94fc339138bd6a
    • SSDEEP: 12288:Rj9dHqkbfDk3OLqKGTSXzurVj0dEaVj6NAIZuH9lu08jexVbQLJKKmIjYUkt+pLk:RRhHUKGTSXzuBjVZNNelu0FCI

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks