General

  • Target

    d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.zip

  • Size

    227KB

  • Sample

    230310-m1g42ach96

  • MD5

    343336d843591e9045f19fef085b310d

  • SHA1

    120cda05d8717df7f6520489866f4715b4f659c8

  • SHA256

    75cad3b006c75ab9361842884a4937580a3e3cbcbb8e583843e55f934a4ea6d8

  • SHA512

    dc6b995ef4bd759b978f9988783dd1a0ea5ad601492607ec730adc5bec085d0c784b3c4d38370488cc9a3a6cf5d933356176c4746b6042b0be3e7c7ab0d992bd

  • SSDEEP

    6144:GXSvi3QVZ9/pdpdXW+xPgLIsmU2yS1NtMB6xqTpdUqL:S8TvjXW+xPGIsmjHMUxqTpZ

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gt48

  • Decoy

    flusskiesel.studio
    txweiqi.com
    bestsnowboardingincolorado.com
    aceroyrodio.com
    antoniafredrik.se
    iskugo.club
    lifehightech.com
    emotionalsupporthedgehogs.com
    911527.com
    familyblinn.online
    family-doctor-90847.com
    importadosjl.shop
    arobaz-solutions.com
    ibobetgogo.com
    trippincreative.com
    funnyjokeday.com
    doktorhizmeti.xyz
    contentteam.co.uk
    iyaarirealestate.com
    atomikoldschools.com

Targets

    • Target

      d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.exe

    • Size

      241KB

    • MD5

      02eefca081505168a313a927977e02e5

    • SHA1

      4ff60a4b15d4ed1cc3733676a25b929962d64d4b

    • SHA256

      d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5

    • SHA512

      0f8a33342682c1e8a4c3b096c91e26cf9b18d48a28e0eaae2af450e637b3e6a00a075a6fd315ef7737e88a132005877e7af5959240452642ddadefee65ac537e

    • SSDEEP

      6144:NYa6Juz8BMG9jCpNLw3ODiHVmyfvYUeEu0UIE:NYf5RiNymryfvYUi0UT

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks