General

  • Target

    order specification.exe

  • Size

    684KB

  • Sample

    230522-kpv6eafb54

  • MD5

    e4b4f25fdbd4a82ef0df9076ec6dd250

  • SHA1

    35a27a55da6c5c6c65292289d95469cd4ec0bff9

  • SHA256

    0480f30f1070d12b3231c495ee15699f09049f1c5bc19e889ebd2f3571bd4ab7

  • SHA512

    848f2178541a9302e93c3558f0320bc5d922128407b03dbfaa20702584fc67e1722f4ac46974ad8a7b918af2d78fd86903728d518ec2f5f4d66bb74474347902

  • SSDEEP

    12288:ptOFx0YPX/NqPsAogO01MnY7Zzrgb7Siqumatg8BaNd2h/:ptOwHPsAA0eGgb+iquBaNG/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o17i

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Suspicious use of SetThreadContext