General

  • Target

    file.exe

  • Size

    296KB

  • Sample

    230209-p2cl2scd8t

  • MD5

    1d920aa56457a163c9ede013081ae820

  • SHA1

    9e9ed8cf1341aaba3c6e32609a3780dff407a2ce

  • SHA256

    3d269d34d687979b0d73960f880ef5eaf5cd4bf4b90129ce5d6c0c5f8ec58995

  • SHA512

    f2e25d3656575e418a89642d4828ae15f04bb74e310c562cd3190bebf7dcf5b4104a4b81b20ba1825d4a3097234dafb1c1276c2cbee5ed00da69e4feaab8cbc2

  • SSDEEP

    6144:/Ya60IJrcLmPyG1twMNr1GX1Iius7CCeEhMNUPLegtfSdtyQ:/YaIeOyG/slB7CCPQULid0Q

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    re29

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks