General

  • Target

    mary.bin.zip

  • Size

    28KB

  • Sample

    221027-3qq7ysechk

  • MD5

    1e2f3bee32401d913b39df985cbc4ca8

  • SHA1

    4536675b00aa1967474bf3e2a97c55374e6e8439

  • SHA256

    049549f50f5dd8774148408e909bee0ae120ef176386ed3857ed77c9b52e6667

  • SHA512

    2a8b55a6cfd98aa8c5c710af62ccb7ff49eaae87492a9f3f04c54e3cbbcc2e683d5077e07e38fac84f6061f54d1c103ae363b31bcba55d789b50f0dc98a84543

  • SSDEEP

    768:eg3bUOYujciJyndDG/muopy9Nrg0bG43N52HHrM3k:iTuAiJoyZ3rgJ49Cw3k

Malware Config

Extracted

Family

formbook

Campaign

bbuy

Decoy

wqbqKCTkCwjtbad3vwJI6Z+a

EqD7JRhUV2ZQDnU=

UlWd0LffZzZeGY0BzkxroA==

sAbXk3SNlPOcRleKI+k=

HCpzqZKnJGDpf+qsxnOnvQ==

vGdG6Ezu8mctzfLnmX/FLDeiPS3M

tcctT/pPwrv7mdA0aw==

Tr6fUz4Ae0mrGA==

NxZtBUfk3aqxS1eKI+k=

TSUVzyy9hBs65j7xXSRVBx+M

fObBavCu4OEt/0pTr98J

2ap9Oy1p8MQP+EtTr98J

FL4Q0TXr1iHWjezVUdQtFT4=

kSFvf2KUliCDOWwacw==

ctqtSLZvqqr/xym6xnOnvQ==

8DqrrnN58fVC

fIrZCP4xwLt7CkGppluStw==

PFKUNZxcpLCtk6yjMus=

4CKOs2UMhs9P8EvLAXO1Hj8aNA==

0pEGOQOa0+SOV9AnYg==

Extracted

Family

xloader

Version

3.Æ…

Campaign

bbuy

Decoy

wqbqKCTkCwjtbad3vwJI6Z+a

EqD7JRhUV2ZQDnU=

UlWd0LffZzZeGY0BzkxroA==

sAbXk3SNlPOcRleKI+k=

HCpzqZKnJGDpf+qsxnOnvQ==

vGdG6Ezu8mctzfLnmX/FLDeiPS3M

tcctT/pPwrv7mdA0aw==

Tr6fUz4Ae0mrGA==

NxZtBUfk3aqxS1eKI+k=

TSUVzyy9hBs65j7xXSRVBx+M

fObBavCu4OEt/0pTr98J

2ap9Oy1p8MQP+EtTr98J

FL4Q0TXr1iHWjezVUdQtFT4=

kSFvf2KUliCDOWwacw==

ctqtSLZvqqr/xym6xnOnvQ==

8DqrrnN58fVC

fIrZCP4xwLt7CkGppluStw==

PFKUNZxcpLCtk6yjMus=

4CKOs2UMhs9P8EvLAXO1Hj8aNA==

0pEGOQOa0+SOV9AnYg==

Targets

    • Target

      mary.bin

    • Size

      56KB

    • MD5

      e8bf77b057a93cafe70b86fdb9da6aed

    • SHA1

      53f70d6a1f0a48522d90e1612bdf3c4b122fc504

    • SHA256

      f53340a00d5248f81164bd5a1880698c4926cf62dc2fc5c93696f87780733b1a

    • SHA512

      56d4f69822d9790caec4d53a3112038c7b0b518c013638ad7865dbd7a5e80d3d46b4da5d6170e888f5f3ae6c58231b2c3fbc7763f3107965eedb52b05d46461f

    • SSDEEP

      768:k8s3JoK3x2Ncv+kIQZ5N9Fe6HmBouzruiRPPrk+FP:kB36I1vxIMW6HmBxuixPd

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other data from infected hosts.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Suspicious use of SetThreadContext
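The report lists hashes for two artefacts: the submitted archive (mary.bin.zip, 28KB) and the payload inside it (mary.bin, 56KB). A practitioner who receives a file from a mailbox or a share usually wants to know which of the two it is before doing anything else. The script below is an added example, not part of the Triage report or of any Triage tooling: it carries the MD5/SHA1/SHA256/SHA512 values copied from the report above, fingerprints a blob, and, when the blob is a zip, also fingerprints every member in memory (with a size cap and a graceful skip for password-protected members, which is how malware archives are commonly shared) so nothing is written to disk or executed. The `demo()` function builds a throwaway zip with a constructed placeholder member and matches it against hashes computed from itself; the placeholder is not the real sample.

```python
import hashlib
import io
import zipfile

# Hashes copied from the report above: the submitted archive and the payload inside it.
REPORT_IOCS = {
    "mary.bin.zip": {
        "md5": "1e2f3bee32401d913b39df985cbc4ca8",
        "sha1": "4536675b00aa1967474bf3e2a97c55374e6e8439",
        "sha256": "049549f50f5dd8774148408e909bee0ae120ef176386ed3857ed77c9b52e6667",
        "sha512": "2a8b55a6cfd98aa8c5c710af62ccb7ff49eaae87492a9f3f04c54e3cbbcc2e683d5077e07e38fac84f6061f54d1c103ae363b31bcba55d789b50f0dc98a84543",
    },
    "mary.bin": {
        "md5": "e8bf77b057a93cafe70b86fdb9da6aed",
        "sha1": "53f70d6a1f0a48522d90e1612bdf3c4b122fc504",
        "sha256": "f53340a00d5248f81164bd5a1880698c4926cf62dc2fc5c93696f87780733b1a",
        "sha512": "56d4f69822d9790caec4d53a3112038c7b0b518c013638ad7865dbd7a5e80d3d46b4da5d6170e888f5f3ae6c58231b2c3fbc7763f3107965eedb52b05d46461f",
    },
}

# Refuse to inflate any zip member larger than this (zip-bomb guard). Assumed limit, adjust as needed.
MAX_MEMBER_SIZE = 64 * 1024 * 1024

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def fingerprint(data: bytes) -> dict:
    """Return hex digests of `data` for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def match_report(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Return the report targets whose listed hashes all equal those of `data` (normally zero or one)."""
    fp = fingerprint(data)
    return [name for name, hashes in iocs.items()
            if all(fp[alg] == digest for alg, digest in hashes.items())]


def scan_blob(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Match `data` itself and, if it is a zip, each member hashed in memory.

    Returns {label: matched_targets}; a member is recorded as None when it was
    skipped (too large, or encrypted and no password supplied).
    """
    results = {"<blob>": match_report(data, iocs)}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return results
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_SIZE:
                results[info.filename] = None
                continue
            try:
                member = zf.read(info)
            except RuntimeError:  # zipfile raises RuntimeError for an encrypted member without a password
                results[info.filename] = None
                continue
            results[info.filename] = match_report(member, iocs)
    return results


def demo() -> dict:
    """Constructed example: a throwaway zip whose hashes are computed from itself, not the real sample."""
    inner = b"constructed placeholder, not the real mary.bin"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mary.bin", inner)
    archive = buf.getvalue()
    iocs = {"mary.bin.zip": fingerprint(archive), "mary.bin": fingerprint(inner)}
    return scan_blob(archive, iocs)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(scan_blob(fh.read()))  # uses the report's hashes
    else:
        print(demo())
```

Run it with a file path to check that file against the report's hashes; with no argument it runs the constructed demo. A result of `{"<blob>": ["mary.bin.zip"], "mary.bin": ["mary.bin"]}` for a real file would mean you hold the exact archive Triage analysed and the payload inside it is unchanged; an empty list for both means the hashes differ and the report's behaviour should not be assumed to apply.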

MITRE ATT&CK Enterprise v6

Tasks