General

  • Target

    69b78313535ef2b6dc89c71b8c389907e8a02cccb5d9fdee05833d69aac84c0fexe_JC.exe

  • Size

    283KB

  • Sample

    230805-mlxwyabe83

  • MD5

    3ebc4be338c1302a6f6e0bd7b54fe53e

  • SHA1

    815f0f48fa90603919cf33ba25f99cf0a4b9996d

  • SHA256

    69b78313535ef2b6dc89c71b8c389907e8a02cccb5d9fdee05833d69aac84c0f

  • SHA512

    fac2ca3553cbad3c1f875e725cc65b116298c8b730902c4b7a0c48fbd957015e38d7df332bfc54266215407ac7f0059046aabf176e08f4e9bc945926fbeb3944

  • SSDEEP

    6144:/Ya6BoVt7aHVDMwNv7veEH06QgBQxj3yMu9LQs6QRVdk1g:/YTM7aBNv7vuIQ5yzaQu2

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network
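The script below is an added example, not part of the tria.ge report or of the Triage tooling. It parses an extracted Formbook config in the plain-text layout used above (a one-word header, a blank line, one value per paragraph), validates and de-duplicates the decoy domains, and emits one Suricata DNS rule per decoy. The input is a constructed, shortened copy of this page's Decoy list with one duplicate and one malformed entry added; the SID range 9000001+ is an assumption. One caveat drives the design: Formbook beacons to its decoy domains alongside the real C2 so that the real server hides in the noise, and many decoys are ordinary legitimate sites, so the rules are low-priority hunting alerts for correlation, not a blocklist.

```python
"""Hunting IOCs from a Triage-style Formbook config dump.

Added example, not part of the tria.ge report or the Triage product.
Parses the plain-text layout shown on this page and emits one Suricata
DNS alert per decoy domain. SIDs from 9000001 are an assumption; pick a
range that does not collide with your own rules.
"""
import re
from dataclasses import dataclass, field

# Constructed input modelled on the page's "Extracted" block, shortened to
# three decoys plus one duplicate and one malformed entry to exercise the
# de-duplication and hostname validation below.
CONFIG_TEXT = """\
Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

xbus.tech

xbus.tech

bad_host

z813my.cfd
"""

SECTION_HEADERS = {"Family", "Version", "Campaign", "Decoy"}

# Hostname sanity check: dot-separated labels of letters, digits and inner
# hyphens, an alphabetic TLD, at most 253 characters overall.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)((?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")


@dataclass
class FormbookConfig:
    family: str = ""
    version: str = ""
    campaign: str = ""
    decoys: list = field(default_factory=list)


def parse_config(text: str) -> FormbookConfig:
    """Walk the dump line by line, switching section on each known header."""
    cfg = FormbookConfig()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if section == "Family":
            cfg.family = line.lower()
        elif section == "Version":
            cfg.version = line
        elif section == "Campaign":
            cfg.campaign = line
        elif section == "Decoy":
            host = line.lower().rstrip(".")
            # Drop malformed entries and repeats; keep first-seen order.
            if HOSTNAME_RE.match(host) and host not in cfg.decoys:
                cfg.decoys.append(host)
    return cfg


def suricata_dns_rules(cfg: FormbookConfig, first_sid: int = 9000001) -> list:
    """One low-priority alert per decoy. Formbook contacts decoys to mask
    its real C2, so many are benign sites: hunt and correlate, do not block."""
    rules = []
    for i, host in enumerate(cfg.decoys):
        rules.append(
            'alert dns any any -> any any (msg:"HUNT {fam} {camp} decoy DNS {host}"; '
            'dns.query; content:"{host}"; nocase; endswith; '
            'classtype:trojan-activity; priority:3; sid:{sid}; rev:1;)'.format(
                fam=cfg.family, camp=cfg.campaign, host=host, sid=first_sid + i))
    return rules


if __name__ == "__main__":
    parsed = parse_config(CONFIG_TEXT)
    print("\n".join(suricata_dns_rules(parsed)))
```

Feed the full Decoy list from the report into `CONFIG_TEXT` to get the complete rule set. Alerts that fire on a single decoy mean little on their own; a host resolving several of these domains within minutes, together with the SetThreadContext injection noted under Targets, is the pattern worth escalating.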

Targets

    • Target

      69b78313535ef2b6dc89c71b8c389907e8a02cccb5d9fdee05833d69aac84c0fexe_JC.exe

    • Size

      283KB

    • MD5

      3ebc4be338c1302a6f6e0bd7b54fe53e

    • SHA1

      815f0f48fa90603919cf33ba25f99cf0a4b9996d

    • SHA256

      69b78313535ef2b6dc89c71b8c389907e8a02cccb5d9fdee05833d69aac84c0f

    • SHA512

      fac2ca3553cbad3c1f875e725cc65b116298c8b730902c4b7a0c48fbd957015e38d7df332bfc54266215407ac7f0059046aabf176e08f4e9bc945926fbeb3944

    • SSDEEP

      6144:/Ya6BoVt7aHVDMwNv7veEH06QgBQxj3yMu9LQs6QRVdk1g:/YTM7aBNv7vuIQ5yzaQu2

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials from browsers and mail clients, logs keystrokes, grabs submitted web forms and clipboard contents, takes screenshots, and sends the data to its C2, beaconing to decoy domains alongside the real server to obscure it.

    • Formbook payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks