General

  • Target: b3a41dea7c4e14a4f0dbce7c76229121c97bcc0950ce35e59c27ca2cbe6b28a1
  • Size: 608KB
  • Sample: 221220-cslr5sge88
  • MD5: 9d07f99187d4dec0f64396ca8a76d5b8
  • SHA1: 1538c9e430041eceecf0d12c210ff8871b9ca67c
  • SHA256: b3a41dea7c4e14a4f0dbce7c76229121c97bcc0950ce35e59c27ca2cbe6b28a1
  • SHA512: df0d8888e3c2e9fed88676882bde8a51231fc6f8e19e45c9d0ade2a12250d4575ac44520f43363b85000148ca2e9401074a2fc07d2dd169400ae0ef2212df29c
  • SSDEEP: 12288:sBMPrfQL69T/gVdnKkCaHDGjl+F2Owm84wpKziRechzf3NWWI2t2M:LtgVBK2jGjl+F2TqwpKz1CzPNWy

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: b47h
  • Decoy:
    whistleblow-now.com
    14live-msa.one
    yenitedarikciniz.xyz
    marmargoods.com
    full-funs.com
    saoraigne.com
    noemiaguesthouse.space
    datatobe.community
    sollight.net
    wavestudios.pro
    freeorama.com
    fasinixiaoribenguizi032.com
    mariajaq.com
    hyper.vote
    aedin.dev
    docind.com
    zhulinx.com
    estairon.best
    mlnphotography.art
    1948ardithdr.com

Targets

    • Target: b3a41dea7c4e14a4f0dbce7c76229121c97bcc0950ce35e59c27ca2cbe6b28a1
    • Size: 608KB
    • MD5: 9d07f99187d4dec0f64396ca8a76d5b8
    • SHA1: 1538c9e430041eceecf0d12c210ff8871b9ca67c
    • SHA256: b3a41dea7c4e14a4f0dbce7c76229121c97bcc0950ce35e59c27ca2cbe6b28a1
    • SHA512: df0d8888e3c2e9fed88676882bde8a51231fc6f8e19e45c9d0ade2a12250d4575ac44520f43363b85000148ca2e9401074a2fc07d2dd169400ae0ef2212df29c
    • SSDEEP: 12288:sBMPrfQL69T/gVdnKkCaHDGjl+F2Owm84wpKziRechzf3NWWI2t2M:LtgVBK2jGjl+F2TqwpKz1CzPNWy

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks