General

  • Target

    ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d

  • Size

    694KB

  • Sample

    221121-rpp3qadd32

  • MD5

    c4523a20a3e46acad92e1cb38adc378b

  • SHA1

    3f239f11ee2a8728cc65266111abbf64b1f8dc53

  • SHA256

    ef0ceab01e813f995915d6c596bd663a469928024e9295b093388a4a7215bb1d

  • SHA512

    4b0c6c0615b8c16583e21e7b68ec5c38e0f5ac1f480f3308d5734ce598836a2e27a80e2959458690ee9dcd7544ece9fad7e23b6c0356784524d6e0e439b4162b

  • SSDEEP

    6144:rEa0dpkNz07AFqV57lNO4/mq3kl9SK5WO+Dg/Fb5aHDiTBfA+RhdUx9:Y57lNPmikl9SK5WAHkDiT5AshOf

Malware Config

Extracted

Family

formbook

Campaign

54ut

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family (infostealer).

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext
