General

  • Target

    fd498a1be2c83df884266ad732f7a3c4.exe

  • Size

    304KB

  • Sample

    230301-xjmnashc2s

  • MD5

    fd498a1be2c83df884266ad732f7a3c4

  • SHA1

    d75f3be9a3ab927ede5e4953a28c99e6b2584cec

  • SHA256

    d79d4f61a8ac7e72f4b51fd872317a7d9feb84a46e47bebd09eb60c8a34ec057

  • SHA512

    b1280bce16fb24c3b042eb391faf846da9cf3409ca6ac21d1f584b14c1f9737b7e7cf1fecf47b8ed49ab26df1f53af69972806a5656d7ae10adaa70005a93772

  • SSDEEP

    6144:AYa6o14m7yrnRJFJ65+ITi8iUDQ8WjPPznEZK96pEapfXBHFK:AY2GRsQITWPnEZo6pXpPNk

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks