General

  • Target: DB_DHL_AWB_001833022AD.exe
  • Size: 756KB
  • Sample: 230601-f6gl5adc3s
  • MD5: 2d985f3b5851efc28e57c98a70b9de4f
  • SHA1: 2d9b300138b372777cde6cbc41526121dfc2663d
  • SHA256: 0daf37a7f327ddc858e1c6c4a02974012fb9434de66256402c8091561ae16fd4
  • SHA512: a9f9f73024a19283c368a2cc011d6e1cfdac63bf6786ca1ec9e8d765b67e105767ec62546b9339b58b2494c44e3ad51ee1614fd52073151bde2c638c0d6940ac
  • SSDEEP: 12288:IfCk22F22E22U22FAMTihh6xhZ6OrFIu/ZSwJBmLAMPeDKklYQ+zM4HkOKuTDNLO:Tk22F22E22U22eMUgh8yFI6SuW0v+zMh

Malware Config (Extracted)

  • Family: formbook
  • Version: 4.1
  • Campaign: cs94
  • Decoy domains:


Targets

    • Formbook

      Formbook is a data-stealing malware.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext
