General

  • Target

    242426_1.cab.rar

  • Size

    259KB

  • Sample

    230418-mg376aag93

  • MD5

    bf1cbf07499636327af28d24ddc4f6f1

  • SHA1

    8b8f174d2c5e08e0c9689d2f1ed3cdf07d4eb792

  • SHA256

    2f4a9b29967cbc586b47b4b04d0cc272387e591308c3665e3631d8fc10eed17c

  • SHA512

    b3e982f2782725126109392768354368e504fdaea1d2c2352853c025111a517b57ef1c815202600829e2c88806ebde9793d3cba15e791137be6a671efe512855

  • SSDEEP

    6144:7IcyzLBIOUvo2L460qjuybAK6rDj+WIrYnwYKBcXEzdO:+P7+5jZbpWIr0vCBO

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com
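
The report labels the domains above as decoys: Formbook's configuration mixes its real C2 host into a list of unrelated domains and the sample contacts decoy hosts alongside the C2, so a DNS query for any of them from an endpoint is a usable indicator for this sample, not only for the one that turns out to be live. The block below is an added example, not part of the tria.ge report; it scans DNS log lines against the twenty domains listed in the config (matching subdomains, ignoring case and a trailing dot) and emits one Suricata rule per domain. The log line format and the sample lines are constructed for this example, and the rules assume Suricata 6 or later for the `dns.query` buffer with the `dotprefix` transform.

```python
"""Match DNS query logs against the Formbook re29 config domains from this report."""
import re
from typing import Iterable, List, Optional, Tuple

# Domain list copied from the "Decoy" section of the report above.
FORMBOOK_RE29_DOMAINS = {
    "barnstorm-music.com", "gazzettadellapuglia.com", "baratieistore.space",
    "cdrjdkj.com", "carlissablog.com", "langlalang.com", "2886365.com",
    "aq993.cyou", "jwjwjwjw.com", "car-deals-80304.com", "dikevolesas.info",
    "buycialistablets.online", "theplantgranny.net", "detoxshopbr.store",
    "imans.biz", "fightingcock.co.uk", "loveforfurbabies.com",
    "eastcoastbeveragegroup.com", "alaaeldinsoft.com", "microshel.com",
}

# Constructed log format for this example (not the output of any real tool):
# <timestamp> host=<name> pid=<n> image=<path> query=<qname> type=<rrtype>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+pid=(?P<pid>\d+)\s+"
    r"image=(?P<image>\S+)\s+query=(?P<query>\S+)"
)

SAMPLE_DNS_LOG = [  # constructed sample input, not taken from the report
    "2023-04-18T10:00:01Z host=WS01 pid=1200 image=C:\\Windows\\explorer.exe query=www.microsoft.com type=A",
    "2023-04-18T10:00:09Z host=WS01 pid=4412 image=C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe query=www.langlalang.com. type=A",
    "2023-04-18T10:00:10Z host=WS01 pid=4412 image=C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe query=AQ993.CYOU type=A",
    "2023-04-18T10:00:11Z host=WS01 pid=1200 image=C:\\Windows\\explorer.exe query=notlanglalang.com type=A",
    "malformed line that the parser must skip",
]


def normalize(name: str) -> str:
    """Lower-case a DNS name and strip the trailing dot of its FQDN form."""
    return name.strip().lower().rstrip(".")


def matching_ioc(qname: str, iocs=FORMBOOK_RE29_DOMAINS) -> Optional[str]:
    """Return the IOC that qname equals or is a subdomain of, else None.

    www.langlalang.com matches langlalang.com; notlanglalang.com does not,
    because matching is done on whole labels, not on a string suffix.
    """
    labels = normalize(qname).split(".")
    # Walk up the label tree but never test the bare TLD (last label alone).
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, querying image, matched IOC) for every hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        ioc = matching_ioc(m["query"])
        if ioc:
            hits.append((m["ts"], m["image"], ioc))
    return hits


def suricata_rules(iocs=FORMBOOK_RE29_DOMAINS, base_sid=9000001) -> List[str]:
    """Emit one Suricata rule per IOC domain (assumes Suricata 6+).

    dotprefix turns the query into ".www.langlalang.com" so that
    content:".langlalang.com" with endswith matches the domain and its
    subdomains without matching notlanglalang.com.
    """
    rules = []
    for sid, dom in enumerate(sorted(iocs), start=base_sid):
        rules.append(
            f'alert dns any any -> any any (msg:"Formbook re29 config domain {dom}"; '
            f'dns.query; dotprefix; content:".{dom}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for ts, image, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {image} -> {ioc}")
    print("\n".join(suricata_rules()))
```

Running the block prints the two hits from the constructed log (the query with a trailing dot and the upper-case one both match) and twenty rules; feed real DNS client or Sysmon Event ID 22 records through a parser of your own in place of `LOG_RE`.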

Targets

    • Target

      rockcor908.exe

    • Size

      274KB

    • MD5

      41d5451e60ff3e73b8443b3cce0a6cb8

    • SHA1

      f50a1a4d2088bd33f3443285bc2ff0bec36e7c23

    • SHA256

      33e3b47eae5dd2c0931b64dab1fa56868276ee8cadf3cda23e4310e7e640703f

    • SHA512

      101b7da4dd71dbbd4989bc729f64f3380476892040464cc789a8fc18a43e27709c7a024263011ab5105a881fd9b7c06a8961022360f18bd697a3b7d0902a1987

    • SSDEEP

      6144:/Ya6aRt/CCxhfRFdlGu0GISPDPCU8TDsTlfHd7i:/Y0z5hffdlGu0x2TxTd1i

    • Formbook

      Formbook is a commodity information-stealing malware family: it harvests credentials, keystrokes, clipboard and browser form data from the infected host and exfiltrates them to its command-and-control server.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
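
The three behavioural signatures above describe a loader that writes a second-stage executable to disk, runs it, and then hollows a legitimate process: a child is created suspended, its memory is overwritten with WriteProcessMemory, its entry point is redirected with SetThreadContext, and it is released with ResumeThread. The block below is an added example, not code from tria.ge or from the sample; it implements those two heuristics over an API trace in a simple key=value form that is constructed for this example (field names such as `target`, `child` and `flags` are assumptions, not any sandbox's real schema).

```python
"""Flag 'Executes dropped EXE' and the SetThreadContext process-hollowing sequence in an API trace."""
import re
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit of CreateProcess* (Win32 constant)

# Constructed trace in key=value form; not the output of any real sandbox.
SAMPLE_TRACE = [
    'pid=4412 api=CreateFileW path="C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe" access=GENERIC_WRITE',
    'pid=4412 api=WriteFile path="C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe" size=280576',
    'pid=4412 api=CreateProcessW path="C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe" flags=0x0 child=5120',
    'pid=5120 api=CreateProcessW path="C:\\Windows\\System32\\svchost.exe" flags=0x4 child=5300',
    'pid=5120 api=NtUnmapViewOfSection target=5300',
    'pid=5120 api=WriteProcessMemory target=5300 size=4096',
    'pid=5120 api=SetThreadContext target=5300',
    'pid=5120 api=ResumeThread target=5300',
    'pid=1200 api=SetThreadContext target=1200',  # a process touching its own thread: not hollowing
]

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line: str) -> Dict[str, str]:
    """Split a key=value trace line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}


def find_dropped_exe_exec(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """'Executes dropped EXE': a CreateProcess* whose image path was written earlier in the trace."""
    written = set()
    hits = []
    for e in events:
        api = e.get("api", "")
        if api in ("WriteFile", "NtWriteFile") and "path" in e:
            written.add(e["path"].lower())  # NTFS paths are case-insensitive
        elif api.startswith("CreateProcess") and e.get("path", "").lower() in written:
            hits.append({"parent": e["pid"], "child": e["child"], "path": e["path"]})
    return hits


def find_hollowing(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Process hollowing: child created CREATE_SUSPENDED, then WriteProcessMemory and
    SetThreadContext on it from the same parent, then ResumeThread."""
    state: Dict[str, Dict] = {}  # child pid -> progress through the sequence
    hits = []
    for e in events:
        api = e.get("api", "")
        if api.startswith("CreateProcess"):
            if int(e.get("flags", "0"), 16) & CREATE_SUSPENDED:
                state[e["child"]] = {"parent": e["pid"], "image": e["path"], "wpm": False, "stc": False}
            continue
        target = e.get("target")
        s = state.get(target)
        # Only count calls from the creating parent into a suspended child it made.
        if not s or s["parent"] != e["pid"] or target == e["pid"]:
            continue
        if api == "WriteProcessMemory":
            s["wpm"] = True
        elif api == "SetThreadContext":
            s["stc"] = True
        elif api == "ResumeThread" and s["wpm"] and s["stc"]:
            hits.append({"parent": s["parent"], "child": target, "image": s["image"]})
    return hits


def analyze(lines: List[str]) -> Dict[str, List[Dict[str, str]]]:
    """Run both heuristics over raw trace lines."""
    events = [parse(line) for line in lines]
    return {
        "dropped_exe_executed": find_dropped_exe_exec(events),
        "process_hollowing": find_hollowing(events),
    }


if __name__ == "__main__":
    for name, findings in analyze(SAMPLE_TRACE).items():
        for f in findings:
            print(f"{name}: {f}")
```

The hollowing check deliberately requires all four steps in order from the creating parent; a SetThreadContext alone (as in the last trace line) is what debuggers and some legitimate runtimes do, so flagging it on its own produces noise.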

MITRE ATT&CK Enterprise v6

Tasks