General

  • Target

    SHIPPING DOCUMENTS. 25.23.exe

  • Size

    670KB

  • Sample

    230518-frrhsagg7z

  • MD5

    77783c6f99127280ab5c677c1c96bf7c

  • SHA1

    5327e4ca332aa28267444a12cd692375291a4ce2

  • SHA256

    e8f271e2c00c7310ba76f5be24f425df7b4c3fdd84a0b715906a10da4f7e879b

  • SHA512

    e134cecc97558e46ee9b26cc1c6a818fd3697360d62a171aa2912900cfbf569a8aedc2de6e466d42f9401f964319af36203c389af46332d40bce2390bed1ef91

  • SSDEEP

    12288:S8RXgHLZIcZI13TZFseMdvkp/TpVMYEVxhe+XbeG7aEGONgLQ:SsAtDmJZTu8ptipSupf

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga36

Decoy

700kitchen.com

udda.app

fractionalgc.tech

tipmercados.net

2-upapparel.net

directbookdiscount.com

koewetzeltours.com

d7c8-iuxt.com

hamaancook.com

benjaimnmoore.com

yimaglobal.africa

dispovapo.com

aseguvenlik.com

battery-worth.com

dddanbao.mobi

blueskyauberge.com

740.mobi

betterbonella.com

liverally.club

czubao.com
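The decoy list above is the part of this report most likely to be misused: a Formbook configuration carries dozens of domains, most of them legitimate sites used as cover traffic, with the real C2 hidden among them, so a single lookup of one of these names is not evidence of infection. The following Python helpers are an added example, not part of the tria.ge report or of any tool it describes. They recompute the MD5/SHA1/SHA256 of a local file against the values listed under General (so an analyst can confirm they hold the same 670KB sample), and they scan DNS log lines for the decoy domains, alerting only when one client resolves several distinct decoys. The log line format and the sample log lines are constructed for this example.

```python
"""Triage helpers built from the indicators in this tria.ge report.

Added example, not the report's own code. The log format and SAMPLE_LOG are
constructed here; only the hashes and decoy domains come from the report.
"""
import hashlib
import re
from collections import defaultdict

# Hashes of "SHIPPING DOCUMENTS. 25.23.exe" as listed in the report.
REPORT_HASHES = {
    "md5": "77783c6f99127280ab5c677c1c96bf7c",
    "sha1": "5327e4ca332aa28267444a12cd692375291a4ce2",
    "sha256": "e8f271e2c00c7310ba76f5be24f425df7b4c3fdd84a0b715906a10da4f7e879b",
}

# Decoy domains extracted from the Formbook 4.1 config (campaign ga36).
DECOY_DOMAINS = frozenset([
    "700kitchen.com", "udda.app", "fractionalgc.tech", "tipmercados.net",
    "2-upapparel.net", "directbookdiscount.com", "koewetzeltours.com",
    "d7c8-iuxt.com", "hamaancook.com", "benjaimnmoore.com", "yimaglobal.africa",
    "dispovapo.com", "aseguvenlik.com", "battery-worth.com", "dddanbao.mobi",
    "blueskyauberge.com", "740.mobi", "betterbonella.com", "liverally.club",
    "czubao.com",
])


def digests(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256 of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_with_report(found: dict) -> dict:
    """Map each algorithm to True when the computed digest equals the report's."""
    return {name: found[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def hashes_match(path: str) -> dict:
    """Read a file and compare its digests with the report (all True = same sample)."""
    with open(path, "rb") as fh:
        return compare_with_report(digests(fh.read()))


# Constructed log format for this example: "<timestamp> <client-ip> query <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def decoy_for(qname: str):
    """Return the decoy domain that qname equals or is a subdomain of, else None."""
    qname = qname.rstrip(".").lower()
    for domain in DECOY_DOMAINS:
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None


def find_decoy_hits(lines, threshold: int = 3) -> dict:
    """Group decoy lookups per client; keep clients with >= threshold distinct decoys.

    Formbook rotates through its domain list, so a host resolving several of
    them in a short window is the pattern worth alerting on; one hit alone is
    normal browsing to a legitimate site that happens to be on the list.
    """
    per_host = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the constructed format
        hit = decoy_for(m.group("qname"))
        if hit:
            per_host[m.group("client")].add(hit)
    return {host: sorted(hits) for host, hits in per_host.items() if len(hits) >= threshold}


# Constructed sample log: 10.0.0.5 rotates through decoys, 10.0.0.9 visits one site.
SAMPLE_LOG = [
    "2023-05-18T06:41:03Z 10.0.0.5 query 700kitchen.com.",
    "2023-05-18T06:41:04Z 10.0.0.5 query www.udda.app.",
    "2023-05-18T06:41:05Z 10.0.0.5 query fractionalgc.tech.",
    "2023-05-18T06:41:06Z 10.0.0.5 query www.google.com.",
    "2023-05-18T06:42:10Z 10.0.0.9 query 740.mobi.",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    for host, hits in find_decoy_hits(SAMPLE_LOG).items():
        print(f"{host}: {len(hits)} distinct decoy domains -> {', '.join(hits)}")
```

Use `hashes_match(path)` on a downloaded sample before spending analysis time on it; SSDEEP is deliberately left out because it needs a native library, and the exact hashes are the authoritative check. Keep `threshold` at two or more for alerting; a threshold of one will page you for every visitor to the legitimate sites in the list.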

Targets

    • Target

      SHIPPING DOCUMENTS. 25.23.exe

    • Size

      670KB

    • MD5

      77783c6f99127280ab5c677c1c96bf7c

    • SHA1

      5327e4ca332aa28267444a12cd692375291a4ce2

    • SHA256

      e8f271e2c00c7310ba76f5be24f425df7b4c3fdd84a0b715906a10da4f7e879b

    • SHA512

      e134cecc97558e46ee9b26cc1c6a818fd3697360d62a171aa2912900cfbf569a8aedc2de6e466d42f9401f964319af36203c389af46332d40bce2390bed1ef91

    • SSDEEP

      12288:S8RXgHLZIcZI13TZFseMdvkp/TpVMYEVxhe+XbeG7aEGONgLQ:SsAtDmJZTu8ptipSupf

    • Formbook

      Formbook is an information stealer: it logs keystrokes, grabs clipboard contents and data submitted in web forms, takes screenshots, and sends the collected data to its command-and-control server. The domains listed under Decoy above are the config's cover-traffic hosts; only one of them is the real C2, so treat the list as a correlation aid rather than a blocklist.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
