General

  • Target

    136c006862c2262205fa40f61daaf18a5d4209bebc0236d7c8743ec554d0482e.exe

  • Size

    774KB

  • Sample

    230706-nl5r8abf7s

  • MD5

    6d594b093b4d5aef208807fcebf40e05

  • SHA1

    dcb78d2eaa1f882f3ab142e11844bde48f1c6834

  • SHA256

    136c006862c2262205fa40f61daaf18a5d4209bebc0236d7c8743ec554d0482e

  • SHA512

    6fae1f69e451c374810061bb53dbe5377c4e6fa48b98769ce599aa37518a05b6350e385394ad8734bbcd12db69c6ac83e3f198e8f859cc3640327f03b5ebf5e7

  • SSDEEP

    12288:/d6L7PVYfgiKbhaDnLMzIL2q+RTdOL8c9Ve20pNiWtvGQAPpPM89ztTVqvbTlTPe:IOyqGUL8cmNrtwP95zRVqv/lz5iQ5c

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga93

Decoy

wetherd.africa

beedule.com

examhacker.africa

clcgfwz.com

comparingthecloud.com

linehansenbooks.com

ihdshvbp.shop

barrickgold.shop

dynamicsinplay.com

lechon.digital

gethuger.online

midnight-iog.net

gateregistry.shop

chasescentoil.com

kupitprava.info

klopv.online

flylabel.tech

growthnonstop.com

internazional.com

cyxmzy.xyz
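
The hashes and domains above are the report's only actionable indicators, so the added example below (not part of the tria.ge report or of any Formbook tooling) turns them into two checks a responder would run: a full-digest comparison of a file against the report's MD5/SHA1/SHA256/SHA512 values, and a DNS-query scan that flags lookups of any configured domain or a subdomain of it. Formbook's configuration mixes its live C2 domain with decoys and the sandbox lists all of them under Decoy, so every entry is treated as a candidate C2; the matcher also accepts subdomains because Formbook prefixes the configured domain with a `www.` label when building its C2 URL. The log lines and their layout (timestamp, client, query name, query type) are constructed for the example.

```python
import hashlib
from typing import List, Optional, Tuple

# Digests copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "6d594b093b4d5aef208807fcebf40e05",
    "sha1": "dcb78d2eaa1f882f3ab142e11844bde48f1c6834",
    "sha256": "136c006862c2262205fa40f61daaf18a5d4209bebc0236d7c8743ec554d0482e",
    "sha512": "6fae1f69e451c374810061bb53dbe5377c4e6fa48b98769ce599aa37518a05b6"
              "350e385394ad8734bbcd12db69c6ac83e3f198e8f859cc3640327f03b5ebf5e7",
}

# Domains copied from the report's Malware Config section (campaign ga93).
DECOY_DOMAINS = frozenset({
    "wetherd.africa", "beedule.com", "examhacker.africa", "clcgfwz.com",
    "comparingthecloud.com", "linehansenbooks.com", "ihdshvbp.shop",
    "barrickgold.shop", "dynamicsinplay.com", "lechon.digital",
    "gethuger.online", "midnight-iog.net", "gateregistry.shop",
    "chasescentoil.com", "kupitprava.info", "klopv.online", "flylabel.tech",
    "growthnonstop.com", "internazional.com", "cyxmzy.xyz",
})


def file_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, as lowercase hex."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_sample(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value."""
    return file_hashes(data) == SAMPLE_HASHES


def domain_matches_ioc(host: str) -> Optional[str]:
    """Return the configured domain that `host` equals or is a subdomain of.

    A plain suffix test would wrongly match 'notbeedule.com', so the
    subdomain check requires a dot before the configured domain.
    """
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    for domain in DECOY_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_dns_log(lines) -> List[Tuple[int, str, str]]:
    """Scan constructed DNS log lines laid out as: ts client qname qtype.

    Returns (line number, queried name, matched configured domain) per hit.
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the scan
        qname = fields[2]
        ioc = domain_matches_ioc(qname)
        if ioc is not None:
            hits.append((lineno, qname, ioc))
    return hits


# Constructed sample log; not taken from the report or from any real network.
SAMPLE_LOG = [
    "2023-07-06T10:12:01Z 10.0.0.5 www.beedule.com A",
    "2023-07-06T10:12:02Z 10.0.0.5 update.microsoft.com A",
    "2023-07-06T10:12:03Z 10.0.0.7 notbeedule.com A",
    "2023-07-06T10:12:04Z 10.0.0.5 www.kupitprava.info A",
    "malformed line",
]

if __name__ == "__main__":
    for lineno, qname, ioc in scan_dns_log(SAMPLE_LOG):
        print(f"line {lineno}: {qname} -> configured domain {ioc}")
    print("empty input matches the sample:", matches_sample(b""))
```

Comparing all four digests rather than MD5 alone costs nothing and removes any doubt about a collision; the SSDEEP value is deliberately left out because fuzzy-hash similarity needs the ssdeep library and a threshold, not an equality test.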

Targets

    • Target

      136c006862c2262205fa40f61daaf18a5d4209bebc0236d7c8743ec554d0482e.exe

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service: it hooks browsers and other applications to capture submitted form data and credentials, logs keystrokes and clipboard contents, and can fetch and run additional payloads on command from its C2.

    • Formbook payload

    • Suspicious use of SetThreadContext (the sample changed the execution context of a thread in another process, the step process hollowing uses to point a suspended process at an injected payload)
