General

  • Target

    invoice.zip

  • Size

    680KB

  • Sample

    230816-pmsdysag58

  • MD5

    dfe058750f3718d527baf78c6fac9e15

  • SHA1

    150a2d83de4a0a2039a66e29fc2d72cd4c372384

  • SHA256

    e3921e3d49ebc5e8541b75a72dc137e89431e182ecf63d2dfc52d7be73455c3a

  • SHA512

    1314fc51da3fcffb871bee2ffda56f177fcee140bfaddb8e852e38e9a17501e1f41a7e072e1263cf0a1b5db9548ee9ae979e96bb5d80f151b745ca3861288c65

  • SSDEEP

    12288:Ldd4IPMUIW406PLKD3HBFYp5SMHaR6GFRI+EIWfgutt7t76cghbvL+:LPEUIWl6PLKgpi3FRI+EJBtt7t7yhbvS

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e14e

Decoy

bekamwanitajogja.com

dysae21.xyz

warehouse-top-jobs.today

h53h.com

fertility.builders

coincallpro.com

gdlinternational.sale

r3hews.shop

sg199.com

whitehillmemorials.com

nadadedor.com

pamphletbox.com

4dsmartglass.com

avaluxuryliving.com

fatdog.club

insightinvention.com

exmigraine.com

bridxo.xyz

wy6zbsa.xyz

jithinvijay.com
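The extracted config is most useful as a detection artefact. Formbook configs carry the real C2 host mixed in with decoy domains, and an infected host resolves and contacts several of them rather than one, so a single hit on one listed domain is weak evidence while one client touching two or more distinct listed domains is the characteristic pattern. The following added example (not tria.ge code) matches DNS query names against the decoy list from this report, treating subdomains and a trailing dot correctly and avoiding substring false positives such as a lookalike `fakedysae21.xyz`; the log lines are constructed for the example and the three-column log format is an assumption.

```python
"""Match DNS query logs against the decoy/C2 host list extracted from this
Formbook sample. Added example, not tria.ge code; the log lines are constructed."""

# Decoy domains copied from the "Decoy" list of the extracted config above.
FORMBOOK_DECOYS = frozenset({
    "bekamwanitajogja.com", "dysae21.xyz", "warehouse-top-jobs.today", "h53h.com",
    "fertility.builders", "coincallpro.com", "gdlinternational.sale", "r3hews.shop",
    "sg199.com", "whitehillmemorials.com", "nadadedor.com", "pamphletbox.com",
    "4dsmartglass.com", "avaluxuryliving.com", "fatdog.club", "insightinvention.com",
    "exmigraine.com", "bridxo.xyz", "wy6zbsa.xyz", "jithinvijay.com",
})


def normalize_host(host):
    """Lower-case, strip a trailing root dot and a leading www. label."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


def decoy_match(host, decoys=FORMBOOK_DECOYS):
    """Return the listed domain that `host` equals or is a subdomain of, else None.
    Walks the label boundaries so that a lookalike such as fakedysae21.xyz does
    not match dysae21.xyz the way a plain substring test would."""
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in decoys:
            return candidate
    return None


# Constructed DNS log, one query per line: "<timestamp> <client_ip> <query_name>"
SAMPLE_DNS_LOG = """\
2023-08-16T12:30:01Z 10.0.0.15 www.bekamwanitajogja.com
2023-08-16T12:30:02Z 10.0.0.15 login.microsoftonline.com
2023-08-16T12:30:03Z 10.0.0.15 fertility.builders
2023-08-16T12:30:04Z 10.0.0.15 fakedysae21.xyz
2023-08-16T12:30:05Z 10.0.0.22 cdn.wy6zbsa.xyz.
"""


def scan_dns_log(text, decoys=FORMBOOK_DECOYS):
    """Return (timestamp, client, query, matched_domain) for every line that hits the list."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, query = parts
        matched = decoy_match(query, decoys)
        if matched:
            hits.append((ts, client, query, matched))
    return hits


def clients_with_multiple_decoys(hits, min_distinct=2):
    """Clients that touched at least `min_distinct` different listed domains.
    One hit can be a coincidence; several distinct hits from one host is the
    Formbook beaconing pattern."""
    per_client = {}
    for _, client, _, matched in hits:
        per_client.setdefault(client, set()).add(matched)
    return {c for c, domains in per_client.items() if len(domains) >= min_distinct}


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for hit in found:
        print(hit)
    print("strong candidates:", clients_with_multiple_decoys(found))
```

Feed it a real resolver or proxy export after adapting the three-column parse; the `decoy_match` logic is independent of the log format.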

Targets

    • Target

      invoice.exe

    • Size

      926KB

    • MD5

      f93b86ab785cc1422188c476d3483ad5

    • SHA1

      cb8e9cedad42afbf0a32cdc58643450fd149e6ad

    • SHA256

      6217071ee755bb3de9914c5ee71161ed5666acd77c7cb6bd972d465707bf0613

    • SHA512

      b7161e145dcf2ab24816866980f8afb42f0535e75a66c870c86f043140580203d94bd754ee35a52f2dc6722d282fdf48aa6f87b85ec7d97c8a6b80efc3258c63

    • SSDEEP

      12288:D1PDogOtA1MUII0a6PCKv3rBtOpxP2eZrW2uvMrxJ8mJAsjFmR00lqTjgidAA:STUIIN6PCKCpxDrFyOxJ8aAwAgTjjA

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications and logs keystrokes, then exfiltrates what it collects to its C2.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
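The two behaviour signatures above are worth understanding as sequences rather than single API calls. SetThreadContext is legitimate on its own (debuggers and exception dispatch use it); what makes it suspicious is a parent creating a child suspended, writing into it, replacing the child's thread context and then resuming it, which is the process-hollowing pattern. "Deletes itself" is typically a process spawning a shell that removes the process's own image file. The added example below (not tria.ge's signature code) runs both checks over a constructed API trace; the trace format, the pids and paths, and the field names `target`, `child_pid`, `image` and `cmdline` are all assumptions for the example.

```python
"""Sequence-based checks for the hollowing and self-delete behaviours listed
above, over a constructed API-monitor trace. Added example, not tria.ge code."""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit for CreateProcess


@dataclass
class ApiCall:
    pid: int                           # process that made the call
    api: str                           # Win32/Nt API name
    args: dict = field(default_factory=dict)


# Constructed trace. "target" is the pid a handle argument resolves to,
# "child_pid" the pid returned by CreateProcessW.
TRACE = [
    ApiCall(1000, "CreateProcessW", {"image": r"C:\Temp\invoice.exe",
                                     "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 1200}),
    ApiCall(1000, "NtUnmapViewOfSection", {"target": 1200}),
    ApiCall(1000, "VirtualAllocEx", {"target": 1200, "flProtect": 0x40}),
    ApiCall(1000, "WriteProcessMemory", {"target": 1200, "nSize": 0x2D000}),
    ApiCall(1000, "SetThreadContext", {"target": 1200}),
    ApiCall(1000, "ResumeThread", {"target": 1200}),
    ApiCall(1200, "CreateProcessW", {"image": r"C:\Windows\System32\cmd.exe",
                                     "cmdline": r'cmd /c del "C:\Temp\invoice.exe"',
                                     "dwCreationFlags": 0, "child_pid": 1250}),
    # SetThreadContext on the caller's own process (exception handling, a
    # debugger) must not fire: no suspended child, no write, no resume.
    ApiCall(1300, "SetThreadContext", {"target": 1300}),
]

# pid -> image path, as the monitor would know it (constructed).
PROCESS_IMAGE = {
    1000: r"C:\Temp\invoice.exe",
    1200: r"C:\Temp\invoice.exe",
    1250: r"C:\Windows\System32\cmd.exe",
    1300: r"C:\Windows\explorer.exe",
}

HOLLOW_STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def find_hollowing(trace):
    """Return (parent_pid, child_pid) pairs where the parent creates the child
    suspended, then writes into it, sets its thread context and resumes it,
    in that order. Intermediate calls (unmap, alloc) are allowed in between."""
    hits = []
    for i, call in enumerate(trace):
        if call.api != "CreateProcessW":
            continue
        if not (call.args.get("dwCreationFlags", 0) & CREATE_SUSPENDED):
            continue
        child = call.args["child_pid"]
        stage = 0
        for later in trace[i + 1:]:
            if (later.pid == call.pid and later.args.get("target") == child
                    and later.api == HOLLOW_STAGES[stage]):
                stage += 1
                if stage == len(HOLLOW_STAGES):
                    hits.append((call.pid, child))
                    break
    return hits


def find_self_delete(trace, image_by_pid):
    """Return pids that spawn a command line deleting their own image file."""
    hits = []
    for call in trace:
        if call.api != "CreateProcessW":
            continue
        cmdline = call.args.get("cmdline", "").lower()
        own_image = image_by_pid.get(call.pid, "").lower()
        if own_image and " del " in f" {cmdline} " and own_image in cmdline:
            hits.append(call.pid)
    return hits


if __name__ == "__main__":
    print("hollowing:", find_hollowing(TRACE))        # [(1000, 1200)]
    print("self-delete:", find_self_delete(TRACE, PROCESS_IMAGE))  # [1200]
```

Requiring the full write / set-context / resume sequence against the same suspended child is what keeps the lone `SetThreadContext` from pid 1300 out of the results; a check on the API name alone would flag it.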

MITRE ATT&CK Matrix

Tasks