General

  • Target

    order703233.xls

  • Size

    1.1MB

  • Sample

    230704-hvx6vada3t

  • MD5

    8cc4e73f5ceb73680f5f59b09997d8a3

  • SHA1

    263fb5f059b972f779b4f5d14fb8e674a5b6c799

  • SHA256

    e68ea041c96b370e4d00b77da341aef26e7e25403198f5a49e9f9e310f66dc90

  • SHA512

    6dc39b4d0065b9bddd34ee65bd2369fd61d6b14fe4e2dd69aefca48ace7b6b974fb8c151b85d7bc50ceebe44b935b15358126cf876e95720da975e76fb792613

  • SSDEEP

    24576:Ez0w6sYz+o0xfsjcUos+xKXw6s5zDo0xfsjcUos+xKN3tYjYqJP46w7B:ET6sYOxfsjdos+xKA6s5Txfsjdos+xKp

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    m42i

  • Decoy

    kosporttraining.com
    z19zgcn.site
    kaka225.click
    85471xii.net
    iuplqle.xyz
    bengtsberg.net
    bk2y0rmx.site
    hotspudqec.space
    dreamshospital.com
    studio-glinka.com
    garotosdatv1.online
    au-t-global.com
    0kxm.com
    medsuppanam.com
    sameypaige.com
    osstshirts.com
    xkrujqqo.shop
    hk2r.top
    rakebacksites.com
    ledxiu.xyz

Targets

    • Target

      order703233.xls

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks