Resubmissions

25/10/2022, 14:04

221025-rdmhfschd5 10

25/10/2022, 13:32

221025-qs4jvachar 10

General

  • Target

    formbook5.zip

  • Size

    589KB

  • Sample

    221025-qs4jvachar

  • MD5

    4b118775084acfc30f6a39c7abe43e63

  • SHA1

    91162b489936d424978cf74b555fff5ac6acb1c4

  • SHA256

    392d84c160a17dd93a78b8549f5298d43d1f2ead6d236a1780bc290cc864e615

  • SHA512

    c9139310c2067f14825647e1c708cf51fe0f373f149873ef162a7348978665dc6d61579b40d706d2987619d1ea7e34554d40344741a354653d2b8c69454e3105

  • SSDEEP

    12288:WK5B2RjIGHF8tvs26RXTfpbegRznZ7eLtieStN5R0qRCsOi9Arr3:WK2tl8tvs26RgSznZq0e8N5RL0i9Arr3

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gs25

Decoy

real-food.store

marketdatalibrary.com

jolidens.space

ydental.info

tattoosbyjayinked.com

buytradesellpei.com

61983.xyz

identitysolver.xyz

mgfang.com

teizer.one

staychillax.com

ylanzarote.com

workte.net

maukigato.shop

coolbag.site

btya1r.com

dkhaohao.shop

zugaro.xyz

boon168.com

xn--80aeegahlwtdkp.com

Targets

    • Target

      formbook5.exe

    • Size

      718KB

    • MD5

      39cffb366d87292f4b5efecf69c32774

    • SHA1

      104fe2e617556e97af1a6f5082bba003a8e9ff3d

    • SHA256

      37e9f15077e6491eade2a03b73b9f48b0037c6995a5fbecdae7a942710d1dde1

    • SHA512

      d508a86dc49fc5737904b23ceab055329ebf47dc77b119297a8d1fb6c1f17217a24ec0a714787e8dcda215381549a04d77d8212f0fd83ddcf1de545453d4078f

    • SSDEEP

      12288:3hUWMtLdsIJ4Il6RXTTpbe0RRnT7QLtAeSfN5r5pHM2as8i9Rr5o7We:xhMtBsy6R82RnTEmewN5rr8i98

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks