General

  • Target

    90c945b94c8009ea59df1297db8d5109.bin

  • Size

    249KB

  • Sample

    230611-b15dsaha4v

  • MD5

    c31e2ffe09d664abbe68d0eb3f3c94d1

  • SHA1

    22b870d18ae43123007ef251b7d4ddd231449517

  • SHA256

    aa69ace5f077d8fd16797bba28b120f88e6c3a438619eefd0daa71a8089ad06d

  • SHA512

    edf85bb0bbcf110c4ee30b6d880c2bca462dd0c405b42af7f115f0a6c98b7dfefd4e07ae44e54c6aea4da6d7f429bdb573d1767dabb14a677a993dfd6e6eaf71

  • SSDEEP

    6144:+x8e7PzN8MvXBsvpSMqAH0fbr1y6BSCDyiGTwVfmCcebk:+7N8UBsvpmAH0fH1yASDhT8U

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sn84

  • Decoy

    psptek.com
    seshoo.com
    dogwalknwoof.com
    teamdaigle.com
    mimzevents.com
    algerimarket.com
    rr251r55r.xyz
    indialgbtq.com
    huatongdk.com
    couplecoaches.com
    fleshlierwickerwork.com
    ambito365.store
    hoaified.com
    shunsuikeji.com
    uiomke.xyz
    xn--12c4dfj4gtc.net
    pika-moon.fun
    breakingbarriersglobal.com
    aqua-ammo.com
    nmc380.top

Targets

    • Target

      a7a67f0d8860da70cc96c8b72df93811f872175a4aa94230fa583ce2368f79b1.exe

    • Size

      467KB

    • MD5

      90c945b94c8009ea59df1297db8d5109

    • SHA1

      98fed5f6fd694523fda30db36d7ab0b772d8d249

    • SHA256

      a7a67f0d8860da70cc96c8b72df93811f872175a4aa94230fa583ce2368f79b1

    • SHA512

      d0197eb133ea68a3d9260ac5f125a5562ee4ada3384fe6e7023b3921c68142615abdba32f151237f892f44f03df6b5531f3363ead081412b6e0290b665cebbaf

    • SSDEEP

      6144:OYa67yrc7o9gJ1nlshx+GbxCmVKduVlNxrlM8/P+ayMHZY2PRl:OYAwga1lsT+Gh8uhxrlx/P+XCfZl

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks