General

  • Target: New Order.rar
  • Size: 702KB
  • Sample: 230209-qhz4nsdb6z
  • MD5: ccbb2ec496eb0b22ab4b9ddb3d1a59ed
  • SHA1: 76ea403c4186849291174e0caa3457f97502ca4a
  • SHA256: c468a9183ecc42f934c38fecb1b02c1944aa4aa3acd39a920ec8e14f5443872f
  • SHA512: 6fec7130370edaace6dfab6443f87ea01e297b37f446754dbaa2f216a0453f903a06215129549a0bb946e22dd60312d5c10b8902b24e45dc364b5c7ed4083c12
  • SSDEEP: 12288:4Ql8EXJpl0m/MQ2O3sH880Ow0+vtAD3Nnqoq4KmmsJCHBXx5h/FvwCjACriIALvH:4bEXJpHMQ2OS7WntAD3NqJbmmAC1x5h+

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: d03s

Decoy

Targets

    • Target: New Order.exe
    • Size: 856KB
    • MD5: 7d8cdf3c58c00c596080b3f50f090ab5
    • SHA1: 558c0dd0071f4875d7f74a19106ff06774ac30b9
    • SHA256: c9caca736c11e851b592f24322879f830096ef056283ab000c73fea48642278b
    • SHA512: 273e806c9463f844d60e861e454d48e6bd9adc0a552c476485d61acf89a3669b22986d404d7f9d89791f7cf4eb5b149acbdeaca14b8164b523cf62ffa8d5424e
    • SSDEEP: 24576:MHCtn9BoO/NtSQlQXDAlfSX6wnj+V9ClyTS666jDgs1b5/:z9KEpwzG8Lz6vgsD

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks