General

  • Target

    NEW_ORDER_00041221.EXE.exe

  • Size

    6KB

  • Sample

    221007-sqrtdachhm

  • MD5

    78715a3a620e1f4b1937a1bd7e764e57

  • SHA1

    0b67de4eaccbfe16d41bedc538b2a64bffaecbb0

  • SHA256

    37ad2a3bfe4e60fb4ad6f9edf3bd25602ebdbacf2ce429e96c3ec7b4213090e2

  • SHA512

    b55a095194d506bd111fe9d93440ee97be0f9418256e839ee3ce892af1206711402c493bdbeca021d4187433c0f080febfa44451e03737c3ddf6f0b6c9ccd91a

  • SSDEEP

    96:x+UKECqBC+bbhb4Lp5zV6ur8y2LnfoYYMxaDzNt:xgwHhcLp1V6ur+LfoYY5F

Malware Config

Extracted

Family

formbook

Campaign

gski

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks