Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d7522af8f62b472e0fd325102ec12624.exe

  • Size

    1.0MB

  • Sample

    221223-e6542sba5t

  • MD5

    d7522af8f62b472e0fd325102ec12624

  • SHA1

    04470c6f012a16ada80839931be700ee4421e8d0

  • SHA256

    6a8b8d64cdbdd6d21a4c56e47929c8dee133615149ef899342842fbbe910c2fa

  • SHA512

    0b53d1660aed71d912d418522f43d526ba1c4556900805e9ab50e096282621163bcff6e3de7e2a2e0e9a1cff6a7143cedb0a4df8a2216cc704441b6a9fb05db7

  • SSDEEP

    12288:LZ+2iN1/Sr+pYH8c+9eG8zYJDkrL+oQ1+vJoKWFcVBYt+zAf+mDXttarruVBDUJ1:A1e+YH80G8zYJDkrLTQ8qKWFQ3zp

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b47h

Decoy

whistleblow-now.com

14live-msa.one

yenitedarikciniz.xyz

marmargoods.com

full-funs.com

saoraigne.com

noemiaguesthouse.space

datatobe.community

sollight.net

wavestudios.pro

freeorama.com

fasinixiaoribenguizi032.com

mariajaq.com

hyper.vote

aedin.dev

docind.com

zhulinx.com

estairon.best

mlnphotography.art

1948ardithdr.com

Targets

    • Target

      d7522af8f62b472e0fd325102ec12624.exe

    • Size

      1.0MB

    • MD5

      d7522af8f62b472e0fd325102ec12624

    • SHA1

      04470c6f012a16ada80839931be700ee4421e8d0

    • SHA256

      6a8b8d64cdbdd6d21a4c56e47929c8dee133615149ef899342842fbbe910c2fa

    • SHA512

      0b53d1660aed71d912d418522f43d526ba1c4556900805e9ab50e096282621163bcff6e3de7e2a2e0e9a1cff6a7143cedb0a4df8a2216cc704441b6a9fb05db7

    • SSDEEP

      12288:LZ+2iN1/Sr+pYH8c+9eG8zYJDkrL+oQ1+vJoKWFcVBYt+zAf+mDXttarruVBDUJ1:A1e+YH80G8zYJDkrLTQ8qKWFQ3zp

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks