General

  • Target

    DEC FORM.docx

  • Size

    11KB

  • Sample

    230807-hsqzraea56

  • MD5

    d544edf8d39f07d5088b21a68c82e4d4

  • SHA1

    5bfe1ce0407cbcd07bb138ef60bc618ab088257e

  • SHA256

    3cfbe6d313af628cfb2cf9f50cd12e1da119d8b0059ad812da885f90c58147eb

  • SHA512

    33b4aa3ae5744f2af646aad5324b6e2f611c9db6c8fb08d7d434279ee8c5f95d5da847843146ea26a237f3fb2bc5808e538888cd20e3c2ae508d9b9d05ec0ce5

  • SSDEEP

    192:kya0N5lclWm4N5eNA2A+EnVs+mg1SoB3cJYkO36PvPKbwPNY9JcWezUlQU:kyX5lclWmu5+A2bkBdBMJYkOqP8wPe9L

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks