General

  • Target

    tmp.bin

  • Size

    605KB

  • Sample

    230505-ztdjgsgh3x

  • MD5

    cb62322bf94c2372c0c4c0383f3c2a23

  • SHA1

    7b628d08dde66fe82002c908a1cdca11db5d54ed

  • SHA256

    f641f1a87ee2a760b79417b410c52137c114e2618529bb90a0f281967975476e

  • SHA512

    8a43cc7a3d2f6ebd5bd3bddc6577d435ac421697a3a8ca34074a29bdc716b589e87684e1cc5ae8d1007ef22e69e72cb0393c45c2f9f681fee3e0a7acec7f4237

  • SSDEEP

    12288:FYmXlA7G3NFi0b7BMAsSMMT6sOhOIbw9SopRGdovnyo6VNglbXT:F5aS9Fi0b7BPl569I4p4G6vn32SbXT

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tf6p

Decoy

Targets

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks