General

  • Target

    Quotation.exe

  • Size

    899KB

  • Sample

    230629-nl46pacg99

  • MD5

    91bc4999ed5740509f8eceeed0638400

  • SHA1

    f954bd1bd2250d4eb9249f3d9ca5a464b55ee44c

  • SHA256

    ddd9ead73e818770fe8bc81da65f863e2ed6d20a6a32c60817d3edc8c4aa38d4

  • SHA512

    457cf49c4714fb7cb47539b953fffba9168feea9b3fdaa14f59775e7a119d717fbd806b09736df870b295ce894049f0909626e6d968a61426a6df614a5d606d8

  • SSDEEP

    12288:0N8Ne5oHOEQeeZwHyLop6bZFJdj3Kk24ppQRNvSmr5:0CzMwHp6lkk7ppmJj

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cs94

  • Decoy

    dhaliwal3.com
    iptvebay.shop
    hsfgass33.top
    cammali.com
    dcleaningseevicesltd.co.uk
    amzosecsn-jp.icu
    builtmedia.co.uk
    duoguang.top
    forumken.net
    cqivrh.cfd
    lr-nexusark.com
    carrirae.shop
    jtownexclusive.africa
    georoiddemo.online
    lefinet.com
    otc.rsvp
    kitchenpharmacy.co.uk
    bbywafz248xca4.com
    digijockey.com
    9-ji.com

    Formbook's configuration carries a list of decoy domains alongside its real C2, and the implant sends traffic to decoys as well as to the live server so that the real C2 is harder to pick out. Only the decoy list was recovered here, so treat these domains as hunting indicators rather than confirmed C2 infrastructure: some of them may be legitimate, uninvolved sites, and blocking them outright can cause collateral damage.
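Because a Formbook implant contacts several domains from its list, a host that resolves multiple config domains is a much stronger signal than any single hit. The script below is an added example (not code from tria.ge or from this report) that loads the decoy list above, matches DNS query names against it on label boundaries (so `www.dhaliwal3.com` matches but `notdhaliwal3.com` does not), and reports clients that resolved at least a threshold number of distinct config domains. The log format and the log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Decoy domains from the extracted Formbook config on this page (campaign cs94).
DECOY_DOMAINS = {
    "dhaliwal3.com", "iptvebay.shop", "hsfgass33.top", "cammali.com",
    "dcleaningseevicesltd.co.uk", "amzosecsn-jp.icu", "builtmedia.co.uk",
    "duoguang.top", "forumken.net", "cqivrh.cfd", "lr-nexusark.com",
    "carrirae.shop", "jtownexclusive.africa", "georoiddemo.online",
    "lefinet.com", "otc.rsvp", "kitchenpharmacy.co.uk", "bbywafz248xca4.com",
    "digijockey.com", "9-ji.com",
}

# Constructed sample DNS log (not real traffic): "<timestamp> <client> <qname>".
SAMPLE_DNS_LOG = """\
2023-06-29T12:00:01Z 10.0.0.5 www.dhaliwal3.com
2023-06-29T12:00:02Z 10.0.0.5 update.microsoft.com
2023-06-29T12:00:05Z 10.0.0.5 www.cammali.com
2023-06-29T12:00:09Z 10.0.0.5 www.lefinet.com
2023-06-29T12:00:11Z 10.0.0.7 kitchenpharmacy.co.uk
2023-06-29T12:00:15Z 10.0.0.5 www.9-ji.com
2023-06-29T12:00:20Z 10.0.0.9 notdhaliwal3.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def matches_config_domain(qname, domains=DECOY_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None.

    Matching on label boundaries avoids false hits such as notdhaliwal3.com;
    a trailing dot (FQDN form) and mixed case are normalised away first.
    """
    q = qname.rstrip(".").lower()
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def correlate(log_text, threshold=3):
    """Group matching queries per client.

    Returns {client: sorted list of config domains} for every client that
    resolved at least `threshold` distinct domains from the config list.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        _ts, client, qname = m.groups()
        d = matches_config_domain(qname)
        if d:
            hits[client].add(d)
    return {c: sorted(ds) for c, ds in hits.items() if len(ds) >= threshold}


if __name__ == "__main__":
    for client, domains in correlate(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(domains)} config domains -> {', '.join(domains)}")
```

In production the per-client grouping should be bounded to a time window (minutes, not a whole day) so that unrelated browsing to a legitimate decoy weeks apart does not accumulate into a false positive.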

Targets

    • Target

      Quotation.exe

    • Formbook

      Formbook is an information-stealing malware family, sold as malware-as-a-service, that harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, captures screenshots, and exfiltrates the results to its command-and-control server.

    • Formbook payload

      The sandbox identified an unpacked Formbook payload in this sample; the configuration shown above was extracted from it.

    • Deletes itself

      The executable removes its own on-disk copy after running, so the original file may be gone by the time of incident response. Use the hashes above to identify the sample and rely on memory and network artefacts for the rest.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread belonging to another process. Formbook uses it to redirect execution in a process it has injected into (process hollowing: create a process suspended, overwrite its memory, point the thread at the new code, resume). Legitimate software outside debuggers rarely needs this call, so it is a useful host-based detection anchor.
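The SetThreadContext signature is most useful when read as one step in the hollowing sequence rather than in isolation. The following is an added example, not code from tria.ge or from this report, that scans an API-call trace for a parent that creates a child with CREATE_SUSPENDED and then, against that same child, performs WriteProcessMemory, SetThreadContext and ResumeThread in that order. The trace format and the trace lines are constructed for the example; the flag value 0x4 is the real CREATE_SUSPENDED constant.

```python
import re
from collections import defaultdict

# Constructed API-call trace (not from the sandbox run on this page).
# Format: "<caller_pid> <api> <key=value ...>"; flags are hex process-creation flags.
SAMPLE_API_TRACE = """\
1200 CreateProcessW image=C:\\Windows\\System32\\svchost.exe flags=0x4 child_pid=1300
1200 NtUnmapViewOfSection pid=1300
1200 VirtualAllocEx pid=1300 protect=0x40
1200 WriteProcessMemory pid=1300 size=581632
1200 SetThreadContext pid=1300
1200 ResumeThread pid=1300
2100 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x0 child_pid=2200
2100 ResumeThread pid=2200
"""

CREATE_SUSPENDED = 0x4  # Win32 process-creation flag
# Minimal ordered sequence that completes a hollowing of a suspended child.
HOLLOWING_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s*(.*)$")


def parse_trace(text):
    """Yield (caller_pid, api, {arg: value}) tuples from trace text."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        pid, api, rest = m.groups()
        args = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        yield int(pid), api, args


def detect_hollowing(trace_text):
    """Return [(parent_pid, child_pid)] for each child that was created suspended
    by parent and then had its memory written, a thread context replaced and the
    thread resumed, by that same parent and in that order."""
    suspended = {}               # child_pid -> parent_pid that created it suspended
    progress = defaultdict(int)  # child_pid -> index of the next expected step
    findings = []
    for pid, api, args in parse_trace(trace_text):
        if api in ("CreateProcessW", "CreateProcessA"):
            flags = int(args.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                suspended[int(args["child_pid"])] = pid
            continue
        child = int(args.get("pid", "0"))
        if suspended.get(child) != pid:
            continue  # not a suspended child of this caller: ignore
        if api == HOLLOWING_STEPS[progress[child]]:
            progress[child] += 1
            if progress[child] == len(HOLLOWING_STEPS):
                findings.append((pid, child))
                del suspended[child]  # sequence complete; stop tracking
    return findings


if __name__ == "__main__":
    for parent, child in detect_hollowing(SAMPLE_API_TRACE):
        print(f"process hollowing: pid {parent} hollowed suspended child pid {child}")
```

Requiring the suspended create and the same caller for every step is what keeps this quiet on debuggers and on the ordinary CreateProcess followed by ResumeThread seen in the second process of the trace.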