
General

  • Target: F46B4AE770D908AC9D9EB047D7FC79609F6F33981F9B98E4544F7E65FD62A4C9
  • Size: 267KB
  • Sample: 230518-rx6enscf25
  • MD5: 1265a3c0162daf43fef735c6dbf042dd
  • SHA1: 3ba7c02f0e9f93684f2d100aa7758f5ef7c8350c
  • SHA256: f46b4ae770d908ac9d9eb047d7fc79609f6f33981f9b98e4544f7e65fd62a4c9
  • SHA512: 96ebb8119a2adb735ce2746396a0a50274c9e8e83188659174c74fdfae3a670a1ab5099d49fcb59a90b03ec0339c78354a811799a3ec401c80dd460426fb7c83
  • SSDEEP: 6144:rxvwj5WEKXdlRf4k9uCH1+T6XbXPn0hpDMfWhj7A7PitxzuKv4eR0ycAJPK:rxI5oXVA4nVOWn0497at1uKAeR0UJPK

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: re29

Decoy

Targets

    • Target: rock997.exe
    • Size: 281KB
    • MD5: 770b0aa37f47b6bda2c4aa82b686afaf
    • SHA1: a7f4627372d3277b5456f2b4ff9f40aceb7db68c
    • SHA256: c02565873b8fe1fe3a19ee5bca4d03a861d4768f48f8816311792b7632c63107
    • SHA512: 1839733c9d37692852f3c5e604e5f16c12313f0f937d1f3a055eecc787e6c1ed9037b16f7df1735e9a04a983b1ac05505dd48f36dff203a0765d08fdef02e0da
    • SSDEEP: 6144:/Ya6Nfn8Qna97f4k9uCH1+TmXbXPT0hpDMfWhj7U7Pitx1uK54IR0ycAJPI:/Yv/8Qna97A4nVOCT04v7atLuKmIR0UO
    • Formbook: Formbook is an information-stealing malware family.
    • Formbook payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks