General

  • Target

    COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe

  • Size

    661KB

  • Sample

    230523-smwm6agg2y

  • MD5

    52884584e2bbbd4506596bf9cdebd4f1

  • SHA1

    2d1a5c85486065bb8e947148ab2d0b22d87da8ef

  • SHA256

    250a1e2888f6048ef783f5b580b000127d052371042c70b25497fe000ea662b5

  • SHA512

    f807fa5abb52d9acbda3fc4f680324526fb7f898f844503d8df57bfa24f5391b23ba4dcb1471cc233a88c1aefc4bd558201c698edfb8a1623faf741f7faadeeb

  • SSDEEP

    12288:E2iN/tAqWV7ej9J7k5LXkW/qXo59YPHcnN/tqjg8ca:E1htAX0j9wkR8nN/Ejg8ca

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    upa6

  • Decoy

    farmaciadelverde.com
    1whcfc.top
    djameshomes.com
    kylepauley.social
    dawncharitabletrust.com
    leverdurable.com
    bluxban.online
    oceansideglass.net
    pcdcompusoft.com
    dlunion.net
    continuumadvisorypartners.com
    tvlfood.com
    pillblue.co.uk
    1win-site-3.top
    e32mbe.shop
    mawelk.xyz
    garage365.online
    commonwealthbank.online
    xw-04.com
    smartcitiesrecruitment.co.uk

Targets

    • Target

      COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe

    • Size

      661KB

    • MD5

      52884584e2bbbd4506596bf9cdebd4f1

    • SHA1

      2d1a5c85486065bb8e947148ab2d0b22d87da8ef

    • SHA256

      250a1e2888f6048ef783f5b580b000127d052371042c70b25497fe000ea662b5

    • SHA512

      f807fa5abb52d9acbda3fc4f680324526fb7f898f844503d8df57bfa24f5391b23ba4dcb1471cc233a88c1aefc4bd558201c698edfb8a1623faf741f7faadeeb

    • SSDEEP

      12288:E2iN/tAqWV7ej9J7k5LXkW/qXo59YPHcnN/tqjg8ca:E1htAX0j9wkR8nN/Ejg8ca

    • Formbook

      Formbook is a data-stealing (information-stealing) malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks