General

  • Target

    fb12ff69d81b75634e8d16440e6e3a630bf4ccbb

  • Size

    1.4MB

  • Sample

    230201-p9z3badc78

  • MD5

    6e5a788c4769930b873924f3ec758eb7

  • SHA1

    fb12ff69d81b75634e8d16440e6e3a630bf4ccbb

  • SHA256

    67cedcf3db2450ff9b924403912629c01eb69f4d4d9ba4b16a6ffcd80fb2ef0e

  • SHA512

    04f77e5a63b568b08561954296d0f34d259054d1bcbe14d8e4d9a5dd30740a8d1e49a49516d90adb81bf17b3ade9cd3229863d611417ee95631c1675472e9012

  • SSDEEP

    24576:ouJ6FV2EU4kgskPFCMUC3aM/OmMkcN+7AUeRNP8DxnmPqKZnYGtbOcQmo5oCiDNW:Q

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk29

Decoy

Formbook embeds decoy domains in its configuration and contacts them alongside its real C2 to obscure which domain matters, so a query to one of these is a Formbook indicator but not proof that the domain itself is attacker infrastructure.

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Targets

    • Target

      fb12ff69d81b75634e8d16440e6e3a630bf4ccbb

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service: it grabs data submitted in web forms, logs keystrokes and clipboard contents, steals credentials saved by browsers and mail clients, takes screenshots, and executes commands from its C2, including downloading and running further payloads.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
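The hashes and decoy domains above are only useful once they are matched against local evidence. The script below is an added example, not part of the Triage report or of any Triage tooling: it copies the indicators from this page, normalizes DNS query names (case, trailing dot, subdomains) before matching, counts hits per host because one host querying several listed domains in a row is more characteristic of Formbook's decoy beaconing than a single lookup, and checks file contents against the reported digests. The DNS log format and the log lines are constructed for the example.

```python
"""Match the indicators from this Formbook report against local evidence.

Added example (not from the report). Hashes and domains are copied from
the report above; the DNS log format and lines below are constructed.
"""
import hashlib
import re
from collections import Counter

# File digests copied from the report.
SAMPLE_HASHES = {
    "md5": "6e5a788c4769930b873924f3ec758eb7",
    "sha1": "fb12ff69d81b75634e8d16440e6e3a630bf4ccbb",
    "sha256": "67cedcf3db2450ff9b924403912629c01eb69f4d4d9ba4b16a6ffcd80fb2ef0e",
}

# Decoy domains copied from the extracted config.
DECOY_DOMAINS = frozenset({
    "adobeholidaylego.com", "labassecourdecaro.com", "whhlbz.net", "aikxian.net",
    "myimmigration.net", "etribe.info", "fercosgru.com", "everbrighthouse.com",
    "finepizzavegesack.info", "mesuretonradon.com", "escopic.art", "mapzle.com",
    "panachesports.net", "alabamasbesthvac.com", "esghf.com", "usrisik.com",
    "activseal.com", "eventplanningpros.africa", "adufyuwefjdfuiwefl.site",
    "kornilt.com",
})


def normalize_domain(name: str) -> str:
    """DNS names are case-insensitive and may be logged with a trailing dot."""
    return name.strip().lower().rstrip(".")


def matching_indicator(qname: str):
    """Return the listed domain that `qname` equals or is a subdomain of, else None.

    The '.' + d check keeps 'notmapzle.com' from matching 'mapzle.com'.
    """
    q = normalize_domain(qname)
    for d in sorted(DECOY_DOMAINS):
        if q == d or q.endswith("." + d):
            return d
    return None


# Constructed log format (assumption, not a real product's format):
# "<timestamp> <hostname> query <qname> type <qtype>"
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) query (?P<qname>\S+) type (?P<qtype>\S+)$"
)

# Constructed sample lines, not taken from the report.
SAMPLE_LOG = """\
2023-02-01T09:12:03Z WS-17 query www.microsoft.com type A
2023-02-01T09:12:05Z WS-17 query WWW.kornilt.com. type A
2023-02-01T09:12:05Z WS-17 query mapzle.com type A
2023-02-01T09:12:07Z WS-17 query notmapzle.com type A
2023-02-01T09:12:09Z WS-22 query escopic.art type A
""".splitlines()


def scan_dns_log(lines):
    """Return (host, queried_name, matched_indicator) for every hit."""
    hits = []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        indicator = matching_indicator(m["qname"])
        if indicator:
            hits.append((m["host"], m["qname"], indicator))
    return hits


def hosts_by_hit_count(hits):
    """Hosts touching several listed domains are the ones to triage first."""
    return dict(Counter(host for host, _, _ in hits))


def file_matches_report(data: bytes):
    """Return the digest algorithms under which `data` matches the sample."""
    return [
        alg for alg, expected in SAMPLE_HASHES.items()
        if hashlib.new(alg, data).hexdigest() == expected
    ]


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    for host, qname, indicator in found:
        print(f"{host}: {qname} -> {indicator}")
    print("hits per host:", hosts_by_hit_count(found))
```

Feed `scan_dns_log` the query names from whatever DNS source you have (Sysmon event 22, resolver logs, PCAP) and `file_matches_report` the bytes of any suspect executable; a digest match identifies this exact sample, while a DNS hit identifies Formbook family activity rather than this one file.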
