General

  • Target

    Kaas Order 2023 pdf.rar

  • Size

    221KB

  • Sample

    230815-pb17qaae99

  • MD5

    473a541ab9cb2a507ad69e117d4a7931

  • SHA1

    07784851e3b31c1a9db81e64fcd13d41cd45a024

  • SHA256

    b02a5fcdaa1a1544084750565c8e6dddf30d0e6974cc39588e066c5ceee651fd

  • SHA512

    f4068e118116dfaaead0a132969d02eef8dea84931d37018b6d26241b36ae1d95d14327d13763e799ec9e4f0a70db63dc88ff8f954b11c85d16f0d349824a0a6

  • SSDEEP

    6144:BcGMQi+8uQp7QDmw5zuZ/N/K7X83DHCsR:Hi+8jpymwNu/K7X87jR

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

Targets

    • Target

      Kaas Order 2023 pdf.exe

    • Size

      237KB

    • MD5

      5caade9e8a1281ee68581e53631ec3ed

    • SHA1

      77b9a0f424eed669f235accc64e22519148cd608

    • SHA256

      ce4adf5f77ad3bf554ee6727abfe3c82e49ac5097e4e8d50ba2faba0d05b9c1d

    • SHA512

      b657353982207ac455b50898a5c69b41eaf7953c88dec4635c3384e34c9ad3b79935871c37bd5eb01459dd2398f1186a42b9a2c8d310332201b27324d8ec760f

    • SSDEEP

      3072:HfY/TU9fE9PEtu+bkUV+m5g1dBNvUEc4NprW779OXLMJIg6mZKIx6e7Mk1WVsb:/Ya62k1m5g1pUcc776xmgpk1esb

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
