General

  • Target

    0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301

  • Size

    406KB

  • Sample

    230718-havvzsgf65

  • MD5

    1482780bd41df6d1dfe68b2629c26d08

  • SHA1

    17145bdc0f9beeea6f8cf5791210d0fd486818d1

  • SHA256

    0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301

  • SHA512

    e0fb5c4ae0ae98b231556950fd358feaebdd414f13e5dcf4eb6f3f77dd9ca5e5af930d04a362ceda9628b61029fa56d1659857dea7d3a1cab2ec8a94c0b974dd

  • SSDEEP

    6144:TPXoDQpcUz+TfBDma1bJzSvPRehOGYJmcKeNq1umGANGc8b0:/WDfhNWRgJ8wkFA6b0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ms14

Decoy

adjoinstaff.online

kmmdznky.cfd

keyviewgroup.com

kidomarketing.com

jroxtqpq.cfd

jdevmx.com

genqaagz.cfd

1cdpwp.cfd

francegoldvip.com

2qy218.xyz

peterscanner.com

trullys.com

aniwatch.top

windyhillcnc.com

pokazhu.com

r74jsy.cfd

paulgadgets.com

lindanewtee.com

lasik-de-de-8808230.zone

critone.site

Targets

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and exfiltrates them over HTTP, beaconing to decoy domains alongside its real C2.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020, here used as the first stage that delivers the Formbook payload.

    • Formbook payload

    • Checks QEMU agent file

      Checks for the QEMU guest agent file, most likely to detect that it is running inside a virtualized sandbox.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events for it.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Sets ThreadHideFromDebugger on an existing thread; a common anti-debugging technique that also detaches breakpoints in that thread.

    • Suspicious use of SetThreadContext

      Rewrites a thread's register context, typically to redirect a suspended thread into injected code (process hollowing / thread hijacking).
