General

  • Target: invoice.exe
  • Size: 753KB
  • Sample: 230508-hcb6nahc76
  • MD5: 4de9d309e114114fa821c9b7bb72d0d4
  • SHA1: 010b0e52bf6fc756f22b04c6dea24b0db9b31ff3
  • SHA256: ece8d55b66fdd470a1037290b30a2e6e66d0ff38fa366ec37a2b0a330364093e
  • SHA512: a8e52c3815237474e7832e4478e14aeb386cd1c18e05938b580958e8814b3a0f62967927cb260f386e25473c4ebd4fdc999cf04a6dee123eff139b855428263d
  • SSDEEP: 12288:336M4DvcLt3zO0JSeo2113s9tr4CNNF06+DkJV5c+uh09HgCTrHBz:6M4qqapo213s5NNFu4JV52KH/r

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: m82
  • Decoy domains:


Targets

    • Target: invoice.exe (hashes as listed under General above)

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks