Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe

  • Size

    859KB

  • Sample

    230110-n87kbsbf8s

  • MD5

    165d68ffe2a7c302e2510ad41d7fb190

  • SHA1

    d04b5f03f71b378705f55757e9f87c19022c49f6

  • SHA256

    2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957

  • SHA512

    d24d1d4af9bba95e58dd8d84a8842a1f08346edcbed8ddedd98033220d4874e10bffe71ab46ac4380d8dc6605eb48109bb21004e24f1a2d9f01c6bf571ce0a36

  • SSDEEP

    12288:qoQgKZ/nXt7virmWhlGLaQYIXvemUMoo4NbSxntD8UzsXMLX7HcRtWLkt3Wuijma:U2mHoo488UzGYX7HS0kt3WR

Malware Config

Extracted

Family

formbook

Campaign

soo3

Decoy

ulAoVHCJPFMMCXyU0k8s

gQssJfPDb+58t4k=

CJqTpjOkgMt0gQ==

jpj5qnSxUS0nZ9YOOfA9kw==

wd5b5XFY5eN6dwx3U6VwxRdj8X/F

ETbT5PLdmyyd3/B1Tt8=

v/JoCv2OjOuRiw==

JU/bfD1uA+TuXzEiCANlN1qglMY=

rVpvBOA37dfNB2rDlFvi9jM0

bCgzcDX/q/zJwCdRzs51iO8=

OmvZUJzHUkdL

U37ScNtggMt0gQ==

oynheCRY9snAKbINCZR72Bxj8X/F

mNVWXCXptUsDEhtnxs51iO8=

d4HKWl349Eth1OFEyQ==

O+nh8Lp5G4CKRgdFwQ==

9HkyNjsWo9mj0+IJk9c=

9wJYZ0n/mt297s80gN8tjg==

eTUrRwyugMt0gQ==

EY96tYYp0HQzP1W1/86jibJC0dE=

Targets

    • Target

      2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957.exe

    • Size

      859KB

    • MD5

      165d68ffe2a7c302e2510ad41d7fb190

    • SHA1

      d04b5f03f71b378705f55757e9f87c19022c49f6

    • SHA256

      2f331b6d11ad09a1b1aaea5d9c7ee120899b6d2a425ad46ef37af10730c3f957

    • SHA512

      d24d1d4af9bba95e58dd8d84a8842a1f08346edcbed8ddedd98033220d4874e10bffe71ab46ac4380d8dc6605eb48109bb21004e24f1a2d9f01c6bf571ce0a36

    • SSDEEP

      12288:qoQgKZ/nXt7virmWhlGLaQYIXvemUMoo4NbSxntD8UzsXMLX7HcRtWLkt3Wuijma:U2mHoo488UzGYX7HS0kt3WR

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks