Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Booking Details!!.rar

  • Size

    1021KB

  • Sample

    230303-rt6w2ahg95

  • MD5

    620f881771a87875c52fce3965838b30

  • SHA1

    618c66967a4968755a5307d802867fc845ffdedc

  • SHA256

    479ff2dbf4ef796fe69806247f292ad133bb0a3d1cb5049e54cfa07a0912f336

  • SHA512

    221ab7f123572237df51d8055997d45937cae21b99ad57e85b9f3816027c6a2afed00b3da2ca2e933832b99375e83d8649540ec370e30f2214b58f2f428cf445

  • SSDEEP

    24576:S272v89KO+d00pZb5pxwoSdjB3GbLsuEcFc:P2vc3+lhwoSdl36L/U

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com

Targets

    • Target

      Booking Details!!.exe

    • Size

      1.3MB

    • MD5

      d74ade79fdf326fbb5ab6e9cf1d7280d

    • SHA1

      148e1d75fc89aa2871523ff4a479c7cc821fd277

    • SHA256

      296abb33b7337fa594b7a28aaa0793ff1e7218b97974fe1764a0773f8962fbdd

    • SHA512

      9e1ed564c1b1ca5c2c026da504a8c234ae3e14be061a53cc220a225feaf18d96b517b9d4dae1ddb31cde872d62b49f20f15b24700c59fab52362fb6818534fda

    • SSDEEP

      24576:LnluD7SzYdJd2jfYfkreLTqlTIrI+xjNJtbmJvaerVPsX3vT0xbCA6/+otq:Llu3SzYjdSNrehrIIjDtbmJHq/Qha+3

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks