General

  • Target

    6b85dbb12585f5120e70e0cad7521654.zip

  • Size

    252KB

  • Sample

    230412-k9nbascg5v

  • MD5

    9e7d3c727695d1a287d49235d729be2a

  • SHA1

    f3d1155453c5b7213a6f3d8877980a129e3904af

  • SHA256

    5da13468ddb4481a5057669fec1f3c469132af6e2ad0963524e3751b359e69cd

  • SHA512

    952e2e57cf23237c7902754fedc15fff1a15a0f7ecd8d5882c3af41be897b36c5ba2ebafafe743047db475106796b9bad5840559be15310060af309d1bf62b10

  • SSDEEP

    6144:O5ZJDv7+L5PDi7Ms0ZHSfFKhrFWwD+nCSYZIXue+Brd:EqL5r6Ms0Zy+kwKxYcue+Brd

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c02s

Decoy

51ysp.net

digitalmarketsecrets.com

bringbackroyal.com

mitepty.online

famousastrologyspecialist.com

789betket.pro

cailinlane.com

lab-grown-diamonds-44403.com

nascodirect.africa

healthpedia.life

780ty.com

brokerdefensewall.info

storagetopgun.net

almanea.xyz

debbieaffordablewears.com

digitalrightsmarch.com

shengxianmeishi.com

duoguang.top

belpages.com

hiegu7mj6.xyz
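The extracted config is the most reusable part of this report. Formbook stores its real C2 among a list of decoy domains and beacons to several decoys alongside the real one, so the list above is best treated as hunting IOCs rather than a blocklist: a single query to one of these domains may be a legitimate site, while a host touching several of them in a short window is a strong lead. The following Python is an added example (not tria.ge output or any Formbook code) that parses the decoy list and file hashes as they appear on this page, identifies a local file against the report's digests, and runs the domains over DNS telemetry. The log line format, host names, process names and sample bytes are constructed for the example and are not from the sandbox run.

```python
"""Work the report's extracted Formbook config and file hashes into IOCs and
run them over sample telemetry.  Added example, not tria.ge code; the DNS log
lines and sample bytes below are constructed for illustration."""
import hashlib
import re
from typing import Dict, List

# File hashes copied from the report (MD5 and SHA256; SHA1/SHA512 work the same way).
KNOWN_HASHES: Dict[str, str] = {
    "9e7d3c727695d1a287d49235d729be2a": "6b85dbb12585f5120e70e0cad7521654.zip",
    "5da13468ddb4481a5057669fec1f3c469132af6e2ad0963524e3751b359e69cd": "6b85dbb12585f5120e70e0cad7521654.zip",
    "6b85dbb12585f5120e70e0cad7521654": "LEAK.EXE",
    "d4b23673edbc5a28526a91b7e10003c82449971f594a066941b2d8217fbf2ab3": "LEAK.EXE",
}

# The "Decoy" list from the Malware Config section, pasted as extracted.
DECOY_BLOCK = """
51ysp.net
digitalmarketsecrets.com
bringbackroyal.com
mitepty.online
famousastrologyspecialist.com
789betket.pro
cailinlane.com
lab-grown-diamonds-44403.com
nascodirect.africa
healthpedia.life
780ty.com
brokerdefensewall.info
storagetopgun.net
almanea.xyz
debbieaffordablewears.com
digitalrightsmarch.com
shengxianmeishi.com
duoguang.top
belpages.com
hiegu7mj6.xyz
"""
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

# Constructed DNS telemetry in a hypothetical "host= proc= query=" format.
DNS_LOG = """\
2023-04-12 10:41:02 host=WS01 proc=explorer.exe query=www.51ysp.net
2023-04-12 10:41:03 host=WS01 proc=explorer.exe query=789betket.pro
2023-04-12 10:41:05 host=WS01 proc=explorer.exe query=mitepty.online
2023-04-12 10:41:20 host=WS02 proc=chrome.exe query=digitalmarketsecrets.com
2023-04-12 10:42:10 host=WS03 proc=outlook.exe query=mail.example.com
"""
LOG_RE = re.compile(r"host=(\S+)\s+proc=(\S+)\s+query=(\S+)")


def parse_decoys(block: str) -> List[str]:
    """Normalise the pasted decoy list: lowercase, strip, drop junk and duplicates."""
    seen: List[str] = []
    for line in block.splitlines():
        d = line.strip().lower().rstrip(".")
        if d and DOMAIN_RE.match(d) and d not in seen:
            seen.append(d)
    return seen

DECOYS = parse_decoys(DECOY_BLOCK)

def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists so a local file can be compared to it."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}

def lookup(digest: str) -> str:
    """Map a digest to the report artefact it belongs to, or '' if unknown."""
    return KNOWN_HASHES.get(digest.lower(), "")

def identify(data: bytes) -> str:
    """Identify a blob by any of its digests; '' means it is not one of the report's files."""
    for digest in file_hashes(data).values():
        if lookup(digest):
            return lookup(digest)
    return ""

def match_dns(lines, decoys) -> Dict[str, List[str]]:
    """Return {host: [config domains queried]}; a subdomain query counts for its parent."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        host, _proc, query = m.groups()
        q = query.lower().rstrip(".")
        for d in decoys:
            if (q == d or q.endswith("." + d)) and d not in hits.setdefault(host, []):
                hits[host].append(d)
    return {h: v for h, v in hits.items() if v}

def suspicious_hosts(hits: Dict[str, List[str]], min_domains: int = 2) -> List[str]:
    """Hosts touching several config domains; one hit may just be a decoy that is a real site."""
    return sorted(h for h, doms in hits.items() if len(doms) >= min_domains)

if __name__ == "__main__":
    print(lookup("6b85dbb12585f5120e70e0cad7521654"))  # LEAK.EXE
    hits = match_dns(DNS_LOG.splitlines(), DECOYS)
    print(hits, suspicious_hosts(hits))  # WS01 queried three config domains, WS02 only one
```

The `min_domains` threshold is a heuristic, not a Formbook constant: tune it to your environment, and correlate any hit with the process making the queries (Formbook runs inside an injected host process, so a browser querying one decoy looks very different from `explorer.exe` querying three). To check a suspect file against this report, pass its bytes to `identify()`; a match on any of the listed digests ties it to the zip or to `LEAK.EXE`.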

Targets

    • Target

      LEAK.EXE

    • Size

      262KB

    • MD5

      6b85dbb12585f5120e70e0cad7521654

    • SHA1

      93107e9c48785d4ff393478c32249a43d1b3c055

    • SHA256

      d4b23673edbc5a28526a91b7e10003c82449971f594a066941b2d8217fbf2ab3

    • SHA512

      a4c085779a17d9820b4f72a7ef5ba219cfe6e15a93c3599841ebb23c84908a0cbeab11f85f3d1846615d8869bf365ed45764ef1476c6a41f6d37d1e6392ad9fd

    • SSDEEP

      6144:PYa6jjX34cmYMHSBCQU8yEg4Quz02vXET3I3:PYxUPZV8BvQ4UTs

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service since 2016. It grabs data submitted in web forms, logs keystrokes, monitors the clipboard, captures screenshots and can download and run additional payloads; to hide, it injects itself into a running process (the SetThreadContext use flagged below) and reports to a C2 hidden among the decoy domains listed in the extracted config.

    • Formbook payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks