General

  • Target

    724ad0f724d2aba12940a1eeeede2980.exe

  • Size

    367KB

  • Sample

    230419-bhs8sshb5z

  • MD5

    724ad0f724d2aba12940a1eeeede2980

  • SHA1

    7c78985a6a73aabf2dc2dbbe4ef8f39f35f69c00

  • SHA256

    8d108254a8f52c795d01e4fa87ac70437873d1073e38c179716e5fa40816b82f

  • SHA512

    685041a0540ee78483811d31cae0807e8ed5e935557aa0f4d95b4f4a86ec2c68acd0925fe7245f61b0a5e978e29c036fa9d1cf873e56e9d7bcc98c8a5d6d7c6d

  • SSDEEP

    6144:7Ya6E9UJPbOrLRGNr8dPXw+kaBBIHtDhA7XbX5PGwhwtWT732fz0YThqHVTH6HuX:7Yq9UJzOa8w+kImHPm1LT73270FHHM78

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    htqs

  • Decoy

    calvingross.com
    al-andalusi.shop
    cartvey.com
    omdestinationweddings.com
    arolo.site
    avh.life
    lifesaversministrypakistan.com
    91gag.com
    sucessodenegocio.com
    stillrockphotography.com
    matrixpro.xyz
    ingeborgbleonard.icu
    gatorfunding.services
    truevoicetea.com
    rentz-elektro.com
    winetasting.tips
    nerdppc.com
    weareroamingexpert.com
    silvermacpro.com
    grandmakadescustomquilts.com

Targets

    • Target

      724ad0f724d2aba12940a1eeeede2980.exe (hashes as listed under General above)

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks