General

  • Target

    aa05023887117e6f52dce6ae40dcab9d.exe

  • Size

    272KB

  • Sample

    230213-tk7s3sdg41

  • MD5

    aa05023887117e6f52dce6ae40dcab9d

  • SHA1

    3f6c3e8cc656a436be4ddbc248432e48dcd8aa0d

  • SHA256

    6c3654d20a676bf9b7f77546e23bfb3a7d2d23f1d535d0feced966a22ece5d60

  • SHA512

    329d06ab016a9413e5320170d1ede46dc50d3a4aea13efc600919858e8100ff3b56b8934f0815a4f3cfed45e7641488f9768b6635c03504ba958194287584362

  • SSDEEP

    6144:BYa6q6/iwjO/07RXNHT0uZ0w+5IoujNbjcgTAgqZ6VOmA+:BYcKji079BV0/IVNbQgMkw+

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sk29

  • Decoy domains

adobeholidaylego.com

labassecourdecaro.com

whhlbz.net

aikxian.net

myimmigration.net

etribe.info

fercosgru.com

everbrighthouse.com

finepizzavegesack.info

mesuretonradon.com

escopic.art

mapzle.com

panachesports.net

alabamasbesthvac.com

esghf.com

usrisik.com

activseal.com

eventplanningpros.africa

adufyuwefjdfuiwefl.site

kornilt.com

Targets

    • Target

      aa05023887117e6f52dce6ae40dcab9d.exe

    • Size

      272KB

    • MD5

      aa05023887117e6f52dce6ae40dcab9d

    • SHA1

      3f6c3e8cc656a436be4ddbc248432e48dcd8aa0d

    • SHA256

      6c3654d20a676bf9b7f77546e23bfb3a7d2d23f1d535d0feced966a22ece5d60

    • SHA512

      329d06ab016a9413e5320170d1ede46dc50d3a4aea13efc600919858e8100ff3b56b8934f0815a4f3cfed45e7641488f9768b6635c03504ba958194287584362

    • SSDEEP

      6144:BYa6q6/iwjO/07RXNHT0uZ0w+5IoujNbjcgTAgqZ6VOmA+:BYcKji079BV0/IVNbQgMkw+

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks