General

  • Target: cc076ce160b654ecefb5e4de65f35dec.bin
  • Size: 261KB
  • Sample: 230818-cmaspagd2s
  • MD5: ae7e43348704149652a871570dffb5e1
  • SHA1: 8cea26742fb54586ed8fd51810f637fbcb7401f8
  • SHA256: 10be1621ffe8db54f1e69bf6362c525e9808d779ee278b7f7824e4a90ff83d93
  • SHA512: d47bce8f3d45d6e162ca4f8348aa977b6a2e1e2e20d3a8ddd7cfb8b118ac2b86eeaa6b36f153d3101f3a5c3f605f9da20a7c41fb04299dd01dc93c5332fbc06c
  • SSDEEP: 6144:20PQPU7GIGurtB/g8yasV6/Wa1i63HQGm8TLglkF:2c9GIJrH9cKWQi63hTLgk

Malware Config

Extracted

Family: formbook
Version: 4.1
Campaign: sn26
Decoy:

Targets

    • Target: Swift TT Copy pdf.exe
    • Size: 274KB
    • MD5: becff9b703669062005159bd35dc315d
    • SHA1: 042b87bb8d7f28e363a6f3de67d37b0cd4fdd1b9
    • SHA256: 91407535cc5852ecae7889b9f034920694c733c9e47f89d08a470e32b9d31e13
    • SHA512: b68c24cd100e8b9a7c3972a22b13da4b75305cc433b4a083a4762228795f257b0a769497dde755f828bd53416b0d1ba93bfd5182922ff57ff7cf16e57f5c4cb4
    • SSDEEP: 6144:PYa6x92BX0wKPBAfBiyrTOfYJVL2hTRiZQd:PYj9S0RPYHrbVL2h/d
    • Formbook: Formbook is an information-stealing malware family.

    • Formbook payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks