General

  • Target

    Sipariş formu 07.14.exe

  • Size

    263KB

  • Sample

    230714-pgmlhsed9x

  • MD5

    719c522aec409b51c6868a77f80b6fa8

  • SHA1

    416357c9f7ecc7e9a6e70e3703075f53846f176f

  • SHA256

    7bf47a92fadd875caa70db94a8ef153f7e63296357619e23a27b2d4e0a6a2bde

  • SHA512

    3bd2455092e7ed61838737f68c83e7f4e555dcd92a0a975eb4acff6dd9a08f3986d48afe82d563d8c3db0d1068801b370ad20b3ed517547ed74845a2f1249046

  • SSDEEP

    6144:vYa6ZSSel/J61D4l7EMPHf6G+MDtSSfS606DHTtw7mkNlVxv4ODw:vYrvoJg6diG+MDG60OHTtw7mkZxvu

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    b0y4

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
