General

  • Target

    93A60B00B3933B1D036AA791E81EFE05249C5563384F2DDD04492B6BE6563583

  • Size

    1.6MB

  • Sample

    230208-v29vfadf27

  • MD5

    04377905d08675dc437756ba2cdfd9fe

  • SHA1

    0efa33091a6aa13f0bdc77bd06a2a103f3c33455

  • SHA256

    93a60b00b3933b1d036aa791e81efe05249c5563384f2ddd04492b6be6563583

  • SHA512

    bf28200e0be3ea3715654dda8b46fd2bc63f99c22ee3cd866f1c0acee25926d4fc0c7b5e2f87130e35f7b60e267dc1f963f102de1498ce8e909cfea2a8899e4b

  • SSDEEP

    49152:KmVBGXV62RHZq7oRc8biOoe8n45yO5CTICfF00kqfd:KmV2V62R5MoRPX4AyO5SDfF00kwd

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gune

  • Decoy

    artentarn.net
    allstarpurchaslng.com
    lendhave.quest
    3yza.com
    qpyikn.shop
    play-fortuna-win-15.top
    jaspergirl.store
    naranjacanelaymiel.online
    hiddenvalley-farms.com
    gas-grills-66023.com
    fp-wp.com
    livepix.ltda
    liholagroup.com
    erlinjobs.com
    doctorhooper.net
    sggwmdkk.shop
    ujuyzw.shop
    gameclubzeed.com
    myhomewish.com
    ontopageone.com

Targets

    • Target

      Payment-Advice.exe

    • Size

      2.6MB

    • MD5

      3e416710f120b91849b1878d07ecacd0

    • SHA1

      71eb6640520773803b0201cf4466ff57cb3ac81f

    • SHA256

      a56fd898ced9c080955b0ee12f4d652bd1b74ddde43470e94033a288e2b97dfc

    • SHA512

      3dd24bbff081711efb22f9c4b056e820fbbb45722ef911c7b9bf68b91ed436b2f16af95d2970b29c1d77858f922b4e91b8f2d61856d06d31731de983a796b451

    • SSDEEP

      49152:l0LiB3F6szZwltsrSKYsbCNICNfoAgQflqB:l3F62ZwDqSsbODNfoAgqK

    • Detect PureCrypter injector

    • Formbook

      Formbook is an information-stealing malware family.

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks