General

  • Target

    74291.exe

  • Size

    638KB

  • Sample

    230524-tzcaqadh4t

  • MD5

    d4f369f573c973d833f5060c6b80e929

  • SHA1

    1ef7c6cf58b39dba64d282d701f5992acfae830e

  • SHA256

    79f878be696492904510496633fcdc7458f7b2e2efb373f7d097b2276a708e51

  • SHA512

    e57e29b18f75b94445fa732aac2c31a1d30bb2011442b2736073bdabd12949d057bcae7f340f6f26619e70e86cc95a099fca4cb3a654880c6189f30901e6cdae

  • SSDEEP

    12288:C2N8jiZ4zypIPEtPplTY6RhKuEX1n+sDUyHVCw0VkKL3QXtzx/yffqx:C2N8jiZ4zypIPEJTDE/X1n+iUy1Cwogo

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a2e2

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
