General

  • Target: Order Confirmation_AW06846590.xlsx
  • Size: 1.9MB
  • Sample: 230714-hh3wkace28
  • MD5: 93b2589a476be0ed105c0522952b7184
  • SHA1: 4d5ac891d6d8277d8babf4b063200386df057008
  • SHA256: 90546a3e111449c78cf6bf0d4955235a4e6a1dbbd63d398df5037af4c83512ad
  • SHA512: dcfb163f66d635e50949143811cb9f6411440ced9cfeea6083d0ef581df096275aeed41800d3e2b3c22676f06f91c153ac92ba5cf06c1c3da7ef0016de8c0a5d
  • SSDEEP: 24576:oYCz3zxQUcyfUELdvcKdzAxLP4a+3kpUHErAjRrd35ypIhiYxEaQOmMFMf8A55:BCz3a1tovcykxRTAjHs+/QwdA55

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: dh08
  • Decoy

Targets

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks