
General

  • Target

    SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe

  • Size

    1.1MB

  • Sample

    221103-rjed2abbh7

  • MD5

    3c21079c403687f4339a136919931ef5

  • SHA1

    05bb1260bbdc0d05460f41e2423691f7c044bbe9

  • SHA256

    2088000ab7a60b6d9eb519d1da9d42934e908a9724ab6977bc853d30b7f96642

  • SHA512

    1285f2e9b1fb1cf2785f88514542a8bf7beeed52558fa9fb49280e2c91b1e17ccfc514435969491cbd0cd0d4f9d29e7803eec248ca43e04ebf37d5f14d05bc38

  • SSDEEP

    24576:LNlitFN9lSz5iPqjiX+Iv3GytN1YeZo82E+u6Sz73JEL:LvizNCzc2I/GYNj6zup5E

Malware Config

Extracted

Family

formbook

Campaign

u6hu

Decoy

OvIuZKrtOMxghbaZbvb/8h9g+Q==

mjHLVEVO8gwVeZ+7

Lh1lcZzH8pTXgpdDzV0vzyVooAsviHQ=

OzJXhMQYaQKNT1aBY/gM8h9g+Q==

WSJFbX28mK+jXVvRJofdtSc=

mEv6JdT2o7Nq++XYt8MFpx5QrhRdhA==

Wxf/NnjMRlBj6JK3jg==

nB21Q0tg7gEVeZ+7

IZinOswGUPAn51eHvCAoMetC

INxV9PYg7AQP0xyDAyg=

kkZP+Iq1AgMVeZ+7

meuru6sSaxxuoLS7gA==

y0jMTFyffedqCSRXVfm/

sJbTfRVKuQScxw==

+ecHP3ayIjYFnb7j2Pt6z5dK

uZnHRwRE9QwVeZ+7

ZBg6Sy054P4oHp0DknCx

nFXn8j4yTuJ9aOfNlw==

35ygHt8uASpReRyDAyg=

8nT3T+8eWeh6aOfNlw==

Targets

    • Target

      SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe


    • Formbook

      Formbook is an information-stealing malware family sold as a service. It grabs form data and credentials from browsers and mail clients, logs keystrokes and clipboard contents, and uploads the results to its command-and-control server. The extracted configuration above (campaign ID and the encoded decoy list) is what the stealer uses to hide its real C2 among decoy domains.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence: the sample can refuse to run, or change behaviour, on machines whose locale matches a blocked region, which also means a sandbox with a default locale may see different behaviour than a real victim.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the payload is relaunched at each logon. The value written during the sandbox run is the persistence artifact to hunt for on other hosts.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread that belongs to another (typically suspended) process redirects that thread's entry point to attacker-controlled code. This is the final step of process hollowing and similar injection techniques, which Formbook relies on to run inside a legitimate process rather than under its own image name.
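The two host-side behaviours the sandbox reports, the known file hash and the Run-key persistence, are the easiest to turn into an endpoint check. The script below is an added example and not part of the Triage report or tooling: it walks Sysmon-style JSON events (event 1 ProcessCreate with its Hashes field, event 13 RegistryEvent SetValue with its TargetObject and Details fields), flags any process whose SHA-256 matches this sample, and flags Run/RunOnce values, rating them higher when they point into a user-writable directory the way a dropped stealer usually does. The event lines are constructed for the example; the SHA-256 is the one from the General section above.

```python
import json
import re

# SHA-256 of the sample from this report (the only file hash the check matches on).
SAMPLE_SHA256 = "2088000ab7a60b6d9eb519d1da9d42934e908a9724ab6977bc853d30b7f96642"

# Autostart locations covered by the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)

# Directories a standard user can write to. A Run value pointing here is a much
# stronger signal than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Local Settings|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)

# Constructed Sysmon-style events (not from the sandbox run): one process start of
# the sample, one Run key written by it, one benign Run key, one unrelated value set.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1,
                "Image": r"C:\Users\victim\Downloads\SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe",
                "Hashes": "SHA256=2088000AB7A60B6D9EB519D1DA9D42934E908A9724AB6977BC853D30B7F96642"}),
    json.dumps({"EventID": 13,
                "Image": r"C:\Users\victim\Downloads\SecuriteInfo.com.Trojan.Mardom.MN.10.23111.3388.exe",
                "TargetObject": r"HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                "Details": r"C:\Users\victim\AppData\Roaming\Updater\svchost.exe"}),
    json.dumps({"EventID": 13,
                "Image": r"C:\Program Files\Vendor\setup.exe",
                "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
                "Details": r"C:\Program Files\Vendor\tray.exe"}),
    json.dumps({"EventID": 13,
                "Image": r"C:\Windows\explorer.exe",
                "TargetObject": r"HKU\S-1-5-21-111\Control Panel\Desktop\Wallpaper",
                "Details": r"C:\Users\victim\Pictures\bg.jpg"}),
]


def parse_hashes(field):
    """Turn Sysmon's 'MD5=...,SHA256=...' string into {ALGO: lowercase hex digest}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def matches_sample(event):
    """True when the event carries the SHA-256 of the sample in this report."""
    return parse_hashes(event.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256


def run_key_persistence(event):
    """Return a finding for a Run/RunOnce value being set, or None for anything else."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    if not RUN_KEY_RE.search(target):
        return None
    return {
        "type": "run_key",
        "key": target,
        "command": details,
        "image": event.get("Image", ""),
        # Payload launched from a user-writable path: typical for a dropped stealer.
        "severity": "high" if USER_WRITABLE_RE.search(details) else "low",
    }


def triage(lines):
    """Scan JSON event lines and return the list of findings in event order."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        if matches_sample(ev):
            findings.append({"type": "known_sample", "image": ev.get("Image", ""),
                             "severity": "high"})
        hit = run_key_persistence(ev)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['type']}: {f.get('command') or f['image']}")
```

The hash match only catches the unmodified sample, so the Run-key check is the one that generalises to repacked builds; extend USER_WRITABLE_RE with any other drop directories your environment allows.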

MITRE ATT&CK Enterprise v6

Tasks