General

  • Target

    980c09040af5ab467b0e902c8097cb83.exe

  • Size

    420KB

  • Sample

    230106-l3dc7aff75

  • MD5

    980c09040af5ab467b0e902c8097cb83

  • SHA1

    efbd7fcfc5bac7aee07b2715c492ff71df54ce48

  • SHA256

    843c93a950a42ce6ccdd4debb3b505ee31a696637c523aa3cde37876a940d1d1

  • SHA512

    d1524131c82bac5e4fc6232963694d5c2944fd1ad52d7c394fac449c44f498f474d130217ec94a84514897cba02060207b564c640e056c85536356896f1e14c8

  • SSDEEP

    6144:oYa6eYODUglfIPtpIGAmRCXODtbOy0FD5GHfE7pV5gK8noo:oYdpIGAmMe5SyYtGHiuK81

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    vr84

  • Decoy

    intouchenergy.co.uk
    lalumalkaliram.com
    hillgreenholidays.co.uk
    fluentliteracy.com
    buildingworkerpower.com
    by23577.com
    gate-ch375019.online
    jayess-decor.com
    larkslife.com
    swsnacks.co.uk
    bigturtletiny.com
    egggge.xyz
    olastore.africa
    lightshowsnewengland.com
    daily-lox.com
    empireoba.com
    91302events.com
    lawrencecountyfirechiefs.com
    abrahamslibrary.com
    cleaner365.online

Targets

    • Target

      980c09040af5ab467b0e902c8097cb83.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks