General

  • Target

    PO610008532.exe

  • Size

    2.0MB

  • Sample

    230516-me7gsshc4y

  • MD5

    b7dc4b65e6239c0d20bcb4b59f5c644c

  • SHA1

    e166cebfa0fb6e9e04f64f2f61dca71b49ef9e44

  • SHA256

    3fc300b0b16fefb8d0dc08f09803d7dbff6be6ea2a4c87833fb285499a3fc6f0

  • SHA512

    851b73419737a32ce06701e1d5ecbc32be6a5777709460a81afdc92d2b8ca322ae3fd93650610959f7921b41ae5ef99d2859a9949918f94fe4a673b759ed2607

  • SSDEEP

    12288:D/cOS13ZjYXegrTuXXlC+pEXdOMnmfVWWd8wWDOZQgOxwr:afPWDOZQ

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wm23

Decoy

ntjhe.com

180yq.com

bcxlb.com

haefelinger.net

bkwbroadcasting.com

kastraestates.co.uk

ayasca.com

89spa.com

denizmobile-com-tr.net

5nrb3v.site

dewi.africa

darnacme.online

satovsky.rsvp

deluxhomefurnishings.com

igminitruckersolingen.com

celtictransportie.com

deltakrian.com

bassettsrestauranttogo.com

digitalcharts.xyz

glassbong.life
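
The domain list above is the sample's extracted Formbook configuration, and the most direct use of it is a retrospective sweep of DNS or proxy logs. The following is an added example, not tria.ge output or Formbook code: it loads the twenty domains from this config, normalises queried names (case, trailing dot, leading `www.`), matches on label boundaries so that look-alike names do not false-positive, and tallies hits per source host. The log lines are constructed in an assumed `<timestamp> <src_ip> <qname>` layout that is not any vendor's real format. Formbook beacons to a mix of decoy domains and its real C2, and the extracted list does not say which entry, if any, is live, so one lookup of one listed domain is weak evidence; several listed domains from one host in a short window is the stronger signal.

```python
"""Sweep DNS-log lines for the Formbook decoy/C2 domains extracted from this
sample. Added example with constructed input; not tria.ge or Formbook code."""
import re

# Domain list copied from the extracted Formbook config (campaign wm23).
DECOY_DOMAINS = {
    "ntjhe.com", "180yq.com", "bcxlb.com", "haefelinger.net",
    "bkwbroadcasting.com", "kastraestates.co.uk", "ayasca.com", "89spa.com",
    "denizmobile-com-tr.net", "5nrb3v.site", "dewi.africa", "darnacme.online",
    "satovsky.rsvp", "deluxhomefurnishings.com", "igminitruckersolingen.com",
    "celtictransportie.com", "deltakrian.com", "bassettsrestauranttogo.com",
    "digitalcharts.xyz", "glassbong.life",
}

# Constructed sample lines in an assumed "<ts> <src_ip> <qname>" layout
# (not a real vendor format). The last line is a deliberate look-alike.
SAMPLE_DNS_LOG = """\
2023-05-16T11:02:10Z 10.0.0.21 update.microsoft.com.
2023-05-16T11:02:41Z 10.0.0.21 www.ntjhe.com.
2023-05-16T11:03:05Z 10.0.0.21 WWW.Kastraestates.CO.UK.
2023-05-16T11:03:30Z 10.0.0.35 mail.haefelinger.net.
2023-05-16T11:04:02Z 10.0.0.21 glassbong.life.
2023-05-16T11:04:40Z 10.0.0.42 notglassbong.life.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<qname>\S+)$")


def normalize(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so that
    'WWW.Example.COM.' compares equal to 'example.com'."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


def match_listed_domain(host, domains):
    """Return the listed domain that `host` equals or is a subdomain of,
    else None. The suffix test is done on a label boundary so that
    'notglassbong.life' does not match 'glassbong.life'."""
    h = normalize(host)
    for d in domains:
        if h == d or h.endswith("." + d):
            return d
    return None


def scan_dns_log(text, domains=DECOY_DOMAINS):
    """Return [(timestamp, src_ip, queried_name, matched_domain)] for every
    parseable line whose query touches a domain in the config list."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = match_listed_domain(m["qname"], domains)
        if d:
            hits.append((m["ts"], m["src"], m["qname"], d))
    return hits


def hits_per_host(hits):
    """Count hits per source IP. Formbook contacts several listed domains,
    only one of which is the live C2, so a host that touches many of them
    is a stronger signal than a single lookup."""
    counts = {}
    for _, src, _, _ in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for ts, src, qname, d in found:
        print(f"{ts} {src} queried {qname} (config domain {d})")
    print("hits per host:", hits_per_host(found))
```

Feed real resolver or proxy logs through `scan_dns_log` after adapting `LINE_RE` to their layout; the normalisation and boundary-safe suffix match are the parts worth keeping, since the same domains turn up as `www.` hosts in Formbook's HTTP check-ins.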

Targets

    • Target

      PO610008532.exe

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service since 2016. It harvests credentials and form data from web browsers and e-mail clients (hence the name), logs keystrokes, captures the clipboard and screenshots, and can download and run additional payloads on command from its C2. It injects itself into legitimate Windows processes, and its configuration carries a list of decoy domains alongside the real C2 so that its beacons blend into ordinary traffic.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
