General

  • Target

    38611cbec59d31636dfa80e39146bc9c96d3515fbafd9ea16f7392bdfeee69ee.exe

  • Size

    917KB

  • Sample

    221010-nqkmvabfd2

  • MD5

    f25e3594aba0fdc9c3d98043bedd16c6

  • SHA1

    bcf633e24eff060782aaf7dd6e5a1fc61796d586

  • SHA256

    38611cbec59d31636dfa80e39146bc9c96d3515fbafd9ea16f7392bdfeee69ee

  • SHA512

    da43b1977800eee7cfb046d536fc1e7b804791dace90996be5e41f29c66b31d14e37e3a98626357a8706a234ba378617a49facae75c811405a1b44a5cd56d6d2

  • SSDEEP

    12288:kYRcrWWvUZ4tlgD9yvR+ZBKm6M4qHKuw3BMUhpU1xo5Mik4EhBHglt:kY2vUZ4tlA9URmkm6dqqV3ecpUL

Malware Config

Extracted

Family

formbook

Campaign

vez2

Decoy

GCFh2WRY8h1RjEXapwS7Ck9LsYM=

Kw/ixUjrf6eR4l/24Q==

UU+jUhRwjrFC148Z

QbmEkwuT9vV0auS9f1g=

X/Bx/B8ftQ==

VkMUQmSy0OalCood8g==

BNLY7KKp9TVIQOS9f1g=

4T0IQw/gaKqntY81D2bTIzrbjw==

hVWRNvRVcKktVh2ymZKRgeSyJ0RoIbo=

Fef69GXN5DS86bNZQiZFu/q98os=

28+h068jMHplsKGaJQxI

5kXPNMQEFGjp6MuaJQxI

3U8XDYYOlJwvdF0f4w==

XVqaJqutwWlhek3SahJ4hg==

8g9h2U1zhLBC148Z

Q8NMHfa/7y+yrZpDEgLiBZBvwVt9Vvm5

jXeQnSyl0RXqI/ulQvZ9jA==

3cHSwlLqCBnkOQy9jXZ7AiKZ

6PU7tS0owgIcNy/fahJ4hg==

WVMuelelvwPA9XaFQtUSN8o=

Targets

    • Target

      38611cbec59d31636dfa80e39146bc9c96d3515fbafd9ea16f7392bdfeee69ee.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks