
General

  • Target: 7604b60990297c5b6f34db41501c0297dbeac0f303377ccc92c4092579b2c846_JC.rtf
  • Size: 50KB
  • Sample: 230805-rm83tadc39
  • MD5: 50dc985e3749a03e19cad19ecf48888e
  • SHA1: b800887d75f8cfe2f55541e7d201e94e46ca8ab1
  • SHA256: 7604b60990297c5b6f34db41501c0297dbeac0f303377ccc92c4092579b2c846
  • SHA512: f71edc4d2f9440c66b9acc0e90e36c65d412f4f8b247f6cca1f20137e3ba320a1493e5cca80e2aaaca2610b35e6c960cb0997066c3c921aea63dc61279bb40e0
  • SSDEEP: 768:zwAbZSibMX9gRWj4rOoE3M04JUNWMgQvWx1BuYUdVJ:zwAlR/23KUNWdjrUdVJ

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: oy30

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks