General

  • Target

    6ec0c1af929d468390638567352ac6ca1d56b3732ff159ccd043ffbd9d57721a.exe

  • Size

    780KB

  • Sample

    221011-jhjy5acfgq

  • MD5

    a93f5a2c6e1278d1b8b93e8e9b950f26

  • SHA1

    5c3a7b41d017bcabf9d441d81c6c46a05b76d0f6

  • SHA256

    6ec0c1af929d468390638567352ac6ca1d56b3732ff159ccd043ffbd9d57721a

  • SHA512

    af0177762430bef805da4a751748607b3a637d852230692665ac455b12ac9c362912434221cc68d09e4b2a80b1b04eb5187285f9cda64354749b60ec600ca5ff

  • SSDEEP

    12288:WAv2iN9IcvSoun3A1fLsumo2Hv3hqWxGAT8dTTip5Q+:f1rAn3A1DsucjGJ9+

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o5df

Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
