General

  • Target: 063A9AD1E9E34E5F7321ABC616BC9F41DE518335E85F0E71534C4AF0B706E0A9
  • Size: 222KB
  • Sample: 230518-cdx7magb8w
  • MD5: 77039d4eb4f04aa58712c4aef761d0e7
  • SHA1: cd2ac6124fd7fd253819dfae6c97d38f0af626b5
  • SHA256: 063a9ad1e9e34e5f7321abc616bc9f41de518335e85f0e71534c4af0b706e0a9
  • SHA512: 153581a029e2d4023d4dbeb4cbe0ca0fb4a936f2a250acae9a2fd744d6166e58abf8b94521f5639ff6ce48c4545b6dd747dca4bc3369de8d7ed24cec3e2eed37
  • SSDEEP: 6144:TzgPEGujvlcnf6My68qAznb2azdViH7nbftOpOVRJe:T0Ppujvlciw8bz6aWbbtiS8

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: re29

Decoy


Targets

    • Target: rockr9905.exe
    • Size: 238KB
    • MD5: d16f5edec7de7c9b263ab7ff62a60459
    • SHA1: e82c3dc90322e46a8fbe6f29648394869246f5ca
    • SHA256: e407a4227243f0b4c73216becb3bd2b94648ef85dd52568d12e5ced2f5b9dc2d
    • SHA512: 088fdb92d75316b4f40a057f7fa9fe01683b7373176f610cd70ec3ade3932ce69b395c2a206ae46b8d020db9ad94d7762ed0196f6f4136f80dd9d4290861efae
    • SSDEEP: 6144:PYa6Hq+BjzHgjeJFLx+TVlYYhSYo+dSSq1/j:PY1ljzHyef+VyYhSY/d5qZ

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks