General

  • Target

    d67d9bf7354e7969abe6a4ced998b145.bin

  • Size

    615KB

  • Sample

    230426-b9halsec94

  • MD5

    78c3234feea68c6528ce9b03a751a9e1

  • SHA1

    d2a05de02295916d8f4acd11fdd588417b5062bd

  • SHA256

    d8a138fbcb8fd354203f749dcd8e70f21a19af4935bb3cd9f34fa3ac74ce561b

  • SHA512

    599283fdfa46633da0beb6ed0600cbc1792b6b5ffe4d9c5b95f470b47978ea2a05237d739d999de6423c66ab8bb5efb2d8c7721e6cbf805f600db54aa6509d5a

  • SSDEEP

    12288:sgdGHSiugxRr6RuPdFOwouAPbQO7i7Qa/QuLvfjCAQKYa5RR5:3dGH64R6RgOwhk7iZ9vf2dKY6RR5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy

toulouse.gold

launchyouglobal.com

margarita-services.com

dasnail.club

casa-hilo.com

hardscapesofflorida.com

thepositivitypulse.com

kkmyanev.cfd

love6ace22.top

castorcruise.com

chch6.com

h59f07jy.cfd

saatvikteerthyatra.com

fxsecuretrading-option.com

mostbet-k1o.click

36-m.beauty

ko-or-a-news.com

eurekatextile.com

gynlkj.com

deepsouthcraftsman.com
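The decoy list above is the raw C2/decoy domain set carried in this sample's Formbook config. A practical use of it is retro-hunting DNS or proxy logs. The following is an added example (not part of the tria.ge report and not Formbook code): it embeds the domains listed above, does exact and subdomain matching with normalisation, and runs over a few constructed DNS log lines in a hypothetical `timestamp client query qname qtype` format. Formbook configs mix one live C2 with many legitimate decoy domains, so a single lookup of one of these names is weak evidence on its own; the per-client summary is there so you can prioritise hosts that touch several of them and then correlate with process telemetry.

```python
import re

# Domains as extracted from the Formbook 4.1 "btrd" config in this report.
FORMBOOK_BTRD_DECOYS = [
    "toulouse.gold", "launchyouglobal.com", "margarita-services.com",
    "dasnail.club", "casa-hilo.com", "hardscapesofflorida.com",
    "thepositivitypulse.com", "kkmyanev.cfd", "love6ace22.top",
    "castorcruise.com", "chch6.com", "h59f07jy.cfd",
    "saatvikteerthyatra.com", "fxsecuretrading-option.com",
    "mostbet-k1o.click", "36-m.beauty", "ko-or-a-news.com",
    "eurekatextile.com", "gynlkj.com", "deepsouthcraftsman.com",
]

# Constructed sample log in a hypothetical format; not real telemetry.
SAMPLE_DNS_LOG = """\
2023-04-26T01:53:10Z 10.0.0.5 query www.toulouse.gold A
2023-04-26T01:53:11Z 10.0.0.5 query update.microsoft.com A
2023-04-26T01:53:12Z 10.0.0.7 query ko-or-a-news.com. A
2023-04-26T01:53:13Z 10.0.0.9 query toulouse.gold.example.com A
malformed line that should be skipped
"""

# One record per line: timestamp, client IP, literal "query", qname, qtype.
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


def normalize(domain):
    """Lower-case and strip whitespace and a trailing FQDN dot."""
    return domain.strip().lower().rstrip(".")


def matches_indicator(domain, indicators):
    """Return the indicator that `domain` equals or is a subdomain of, else None.

    Suffix matching is anchored on a label boundary so that
    'notdasnail.club' does not match 'dasnail.club', and only the
    right-hand side is checked so 'toulouse.gold.example.com' does not match.
    """
    d = normalize(domain)
    for ind in indicators:
        ind = normalize(ind)
        if d == ind or d.endswith("." + ind):
            return ind
    return None


def scan_dns_log(text, indicators=FORMBOOK_BTRD_DECOYS):
    """Parse log lines and return a list of hit records; unparsable lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, qname, qtype = m.groups()
        ind = matches_indicator(qname, indicators)
        if ind is not None:
            hits.append({
                "time": ts,
                "client": client,
                "qname": normalize(qname),
                "qtype": qtype,
                "indicator": ind,
            })
    return hits


def summarize_by_client(hits):
    """Map each client to the set of distinct config domains it resolved."""
    summary = {}
    for h in hits:
        summary.setdefault(h["client"], set()).add(h["indicator"])
    return summary


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_DNS_LOG):
        print(f'{h["time"]} {h["client"]} -> {h["qname"]} (config domain {h["indicator"]})')
    for client, doms in summarize_by_client(scan_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{client}: {len(doms)} distinct config domain(s)")
```

Feed it real resolver or proxy exports by adapting `LOG_RE` to the actual field layout; the matching and summary logic is independent of the log format.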

Targets

    • Target

      c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3.exe

    • Size

      718KB

    • MD5

      d67d9bf7354e7969abe6a4ced998b145

    • SHA1

      12ac15d5eb62eb68f88d6bd149497a57e43e6fa2

    • SHA256

      c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3

    • SHA512

      e7c15ba7dbbdd0d7ea7103079feead806252dbf80a0d129f15c400614703e3380d1c6c68984dad1f932d5ef7d10a28867667ee5fc13413498546ad41d3806204

    • SSDEEP

      12288:0ZgjjkkCS3OydyH73bJ4gnVfo2ZQTR23onxpQH3oJSAT1i1NFW49Mx:0ZgjjkkCSPySN2ZQk4nxQ3cF0Mx

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from web browsers and other applications, logs keystrokes and clipboard contents, can capture screenshots, and can fetch and run additional payloads from its C2.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks