General

  • Target

    Shipping Documents.exe

  • Size

    1.1MB

  • Sample

    230529-lw79zsbb64

  • MD5

    501077473c7260aa94be655173c8ad40

  • SHA1

    dc677d38541268f2c4a42eb8ba71a6960a04efb3

  • SHA256

    34834d278c8c71e3cc9d152c073cc444781465c285648630a1be19afab1abd24

  • SHA512

    17a8e6021f6dccb9b5848ca6bc02146bd4a8242cf51f6bacbf6b732e7d0e97297337df729b4fd1f7f0abc0a0756122f0fd2a8495416504be65b275208b7e2ae3

  • SSDEEP

    12288:5TLaa0X6S2iN6dn1tWKeMTmHY31v8nhaIdpMdZHs747yr5i6cNOYV2nw:Y510313TC0JIdks7iIv1bw

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ca82

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks