General

  • Target: 8757t68657.doc
  • Size: 1.2MB
  • Sample: 230301-l18fjsff93
  • MD5: 4235233ad7b597102f4487fc1a60a626
  • SHA1: bc5b2271e68226a88af51453b0d8457f14bb6ca9
  • SHA256: e0c35894a02a5ffeca20200d4cb17e9b354c953d5704794242117c4e6307ca08
  • SHA512: edd8efdb085e2adcd564f49b73873fa2c699545421dba1807a72842ccd8af5b2ac6e7221b2e5568fd472aa18b90ba71afb688dce94fe6a1d1dd46a4fd5f52632
  • SSDEEP: 24576:vGJPA5UEY+zNc5mLmUXhXB8hfHK9AoaIS4LMSpMp76I3xNBsFIEdOlq8VawE4kSC:p

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: b07o

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext