General

  • Target

    ungziped_file

  • Size

    224KB

  • Sample

    221031-m2xacaagb4

  • MD5

    c7eac5a7087af67171d5515c27d6f927

  • SHA1

    3e036ca39fab2b5e47aa297b5951954ac45dc6f6

  • SHA256

    0e00f12317743737906e4779e5a936985e8ee76a8254a7ef81f67a5509e9f524

  • SHA512

    cd8f759a09101917d053cbcf3a2269709711e959ac7c655813b8d288da6a507fedd42b06f9fc5a7e17298607543317ccf3fde2754ac7c0120d3513558ac071d5

  • SSDEEP

    6144:qweEpSKY3hdH6CVjlmaEJlnXEGkCnFSN6xZkfpNvpJ:bSN6mlFm0GkiCSChNj

Malware Config

Extracted

Family

formbook

Campaign

0nta

Decoy

gbsCquDKPUb+i0Rm

eccFwzyxeEotI8Ul4YIzPg==

bdsn2Sl9Bol+2aFJ6MKrx3NcrN+kLrA=

SLPEtzgs6DQUEdHiW3vibToq

Bl967wbymDrsQ18=

BWvuZozwNlwVYjPGv4hDOw==

L5nwqf9dGOOqwX+MGq2BhkBzz+ne

X6uAMol2Y9eex43gdg4=

0jFwFmPSjKJeT0s=

O3q7eQw18Jxs

R6HrqxiWheCCueVv

K2V+CD6jnKBbVPYHy89ho8I=

YLcAq+U9+uDgOfvdLvzp

kQPCgwDontKJxI3gdg4=

aeIPy0axLpNaaA52M8aGxaNE/Qk=

9T97HXSZjG1l

Nm9n0uvKQ0j+i0Rm

DIKJzOFACPe0LwgytIse0U/TqkgGhA==

Ya+2H09GvMXEEiy/0GLibToq

cruIS/BVRkv8+LjVkzTibToq

Targets

    • Target

      ungziped_file

    • Formbook

      Formbook is an information-stealing malware: it harvests saved credentials from browsers and mail clients, logs keystrokes and submitted form data, and sends the results to its command-and-control server. The Decoy entries in the extracted configuration above are reproduced as extracted, still encoded.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular locales.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
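
The two behavioural signatures above ("Checks computer location settings" and "Suspicious use of SetThreadContext") can be reproduced as simple matchers over an API trace. The block below is an added example, not tria.ge's signature engine or anything from the report; the trace, process IDs and image path are constructed, the registry key `HKCU\Control Panel\International\Geo\Nation` is assumed to be the country-code location the first signature looks at, and the second signature is modelled as the process-hollowing sequence CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread against one child process.

```python
"""Minimal sandbox-style signature matcher over a constructed Windows API trace.

Added example, not tria.ge's own code. Models two behaviours from the report:
  * checks_location_settings: a registry read of the configured country code
    (assumed key: HKCU\\Control Panel\\International\\Geo, value Nation).
  * hollowing_targets: CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory
    -> SetThreadContext -> ResumeThread, all aimed at the same child process.
"""
from __future__ import annotations

from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit passed to CreateProcess


@dataclass(frozen=True)
class ApiCall:
    pid: int                      # calling process
    api: str                      # API name as logged by the monitor
    args: dict = field(default_factory=dict)  # selected arguments only


# Constructed trace (not taken from the report). pid 1000 is the dropped EXE,
# pid 2000 the suspended child it hollows out.
TRACE: list[ApiCall] = [
    ApiCall(1000, "RegOpenKeyExW", {"key": r"HKCU\Control Panel\International\Geo"}),
    ApiCall(1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo",
                                       "value": "Nation"}),
    ApiCall(1000, "CreateProcessW", {"image": r"C:\Windows\explorer.exe",
                                     "flags": CREATE_SUSPENDED, "child_pid": 2000}),
    ApiCall(1000, "NtUnmapViewOfSection", {"target_pid": 2000}),
    ApiCall(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x28000}),
    ApiCall(1000, "SetThreadContext", {"target_pid": 2000}),
    ApiCall(1000, "ResumeThread", {"target_pid": 2000}),
    # Ordinary registry noise that must not trigger the geofence signature.
    ApiCall(1000, "RegQueryValueExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
                                       "value": "ProductName"}),
]

# Assumed substring identifying the country-code key; compared case-insensitively.
GEO_KEY_FRAGMENT = r"control panel\international\geo"


def checks_location_settings(trace: list[ApiCall]) -> bool:
    """True if any process queries a value under the country-code key."""
    return any(
        call.api.startswith("RegQueryValueEx")
        and GEO_KEY_FRAGMENT in call.args.get("key", "").lower()
        for call in trace
    )


def hollowing_targets(trace: list[ApiCall]) -> list[int]:
    """Return child pids that were created suspended and then, in order, received
    WriteProcessMemory, SetThreadContext and ResumeThread from the parent.
    Unrelated calls in between (e.g. NtUnmapViewOfSection) are ignored."""
    steps = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
    stage: dict[int, int] = {}  # child_pid -> index of the next expected step
    hits: list[int] = []
    for call in trace:
        if call.api.startswith("CreateProcess") and call.args.get("flags", 0) & CREATE_SUSPENDED:
            stage[call.args["child_pid"]] = 0
            continue
        target = call.args.get("target_pid")
        if target in stage and stage[target] < len(steps) and call.api == steps[stage[target]]:
            stage[target] += 1
            if stage[target] == len(steps):
                hits.append(target)
    return hits


def run_signatures(trace: list[ApiCall]) -> dict:
    """Evaluate both signatures and return their results keyed by signature name."""
    return {
        "checks_computer_location_settings": checks_location_settings(trace),
        "suspicious_use_of_setthreadcontext": hollowing_targets(trace),
    }


if __name__ == "__main__":
    for name, result in run_signatures(TRACE).items():
        print(f"{name}: {result}")
```

The hollowing matcher is deliberately stateful per child pid: SetThreadContext on its own is also used legitimately by debuggers, so the signal worth alerting on is the full suspended-create, write, context-swap, resume chain against the same target, which is what the report's signature name points at.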

MITRE ATT&CK Enterprise v6

Tasks