General

  • Target

    file.exe

  • Size

    73KB

  • Sample

    221102-d7l7wshad7

  • MD5

    9f3d2f161ab12215d8127143188fadc6

  • SHA1

    2fa3f6914fe95ebd19d6395fed3296dee351ec56

  • SHA256

    42ff33d8a2c198145c876fbfab4855fa43faaf292d10c73f144619c34714f97e

  • SHA512

    b2cad85987c0b431323396a68a609422a7665033f25f43fb7e2430b192eafe00d375ce8b518385b962d0b4601ac170184096f5b5015e536c5cf0419fa22c5d61

  • SSDEEP

    1536:4WmCpPvpguzG3Uj/mvaVaDLGnsyjLixPd:4W3PLzUSmvaVaDLGnsyPA

Malware Config

Extracted

Family

formbook

Campaign

tu7g

Decoy


Targets

    • Target

      file.exe

    • Size

      73KB

    • Formbook

      Formbook is data-stealing malware.

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext
