General

  • Target

    ETOS project Specifications.exe

  • Size

    732KB

  • Sample

    221003-qk3ycahacl

  • MD5

    2bf247b62106faa756c070c4e017d402

  • SHA1

    63ac2ac4e94d66d285968035c55f02917c419744

  • SHA256

    90afcb6b9e301d7081737182f7f3e3bff751ba972d161d8da5c24db1d0d36dc0

  • SHA512

    be7c4f17616124423de69e3e2846ce89192c9577111a81bbd13ddccbdb3cae20fd18a92ea6984198ad4e0c3b8b287e0c6df66a99b067ff745bfe177f8d9248f3

  • SSDEEP

    12288:MmAzQsRZDsItEVJ6AKJQ84lSt0/2V+4HPI/yCfJuZXLN1:+zQswikDD5lSt0+ZQKUJuZ7N

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vo84

Decoy

laurenciavachulova.one

sabuilders.store

masxot.xyz

matchfail.com

suararakyatnews.net

kykm.rest

richardsmartinezh.site

morehouseweneedyou.com

depressivepawnclub.xyz

yenilenme.net

allhiejralstore.com

9993808.com

sleepshastra.com

weplay-classic.com

propertyofpalestine.com

onirica.club

yohelios.com

fcorruption.com

tongdans.top

richmondmassage.store

Targets

    • Target

      ETOS project Specifications.exe

    • Size

      732KB

    • MD5

      2bf247b62106faa756c070c4e017d402

    • SHA1

      63ac2ac4e94d66d285968035c55f02917c419744

    • SHA256

      90afcb6b9e301d7081737182f7f3e3bff751ba972d161d8da5c24db1d0d36dc0

    • SHA512

      be7c4f17616124423de69e3e2846ce89192c9577111a81bbd13ddccbdb3cae20fd18a92ea6984198ad4e0c3b8b287e0c6df66a99b067ff745bfe177f8d9248f3

    • SSDEEP

      12288:MmAzQsRZDsItEVJ6AKJQ84lSt0/2V+4HPI/yCfJuZXLN1:+zQswikDD5lSt0+ZQKUJuZ7N

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
