General

  • Target

    e960f10f4c8fd0f6b380743439c91fdb.exe

  • Size

    946KB

  • Sample

    230609-kw59yscd9s

  • MD5

    e960f10f4c8fd0f6b380743439c91fdb

  • SHA1

    ccf3feb1d2f7e01c0732fee057e01d13285eb90d

  • SHA256

    fbaea63cf0928cdd548719ce257ea3813b92a8765f561bbe7e8842e7d830b87e

  • SHA512

    cf22f2fdb305bdff5a7d25a5d1e5e7db097df391e56f66cfc2c5118f1cf063a0123eb2be6e978d6909ca856fad814eb0be65d2ac45d3dab918ef3c8869d189db

  • SSDEEP

    24576:PuHeMjlSADnET+YvWBThrbJnJz+ydKbxsg:2+Q7DErvchJ6QKFs

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

btrd

Decoy


Targets

    • Target

      e960f10f4c8fd0f6b380743439c91fdb.exe

    • Size

      946KB

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
