General

  • Target

    PO-384728493049.doc

  • Size

    88KB

  • Sample

    230822-je9elscc2s

  • MD5

    5292d77a5796360358f012d31f4cd438

  • SHA1

    ceb7009b833a4829f9017636445a07ca201a9db4

  • SHA256

    404f0f676d94ffdc3cc0b4422a34a5aee31d06c815253ba0e7aeb0fed3905b9c

  • SHA512

    d42e1a014c005935b79de13b975a2e840ef100abfc054b08b547398d3ba99834c6f2074d02b3570da4d2b2a01fbe52dda1ce955c66f0aa2bf20eccc62e03b4f6

  • SSDEEP

    768:kwAbZSibMX9gRWjQOX1eDp9haTtsZ+Tnkfas:kwAlRxu1edzaT+Q1s

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy30

Decoy

rfc234.top

danielcavalari.com

elperegrinocabo.com

aryor.info

surelistening.com

premium-numero-telf.buzz

orlynyml.click

tennislovers-ro.com

holdmytracker.com

eewapay.com

jaimesinstallglass.com

damactrade.net

swapspecialities.com

perfumesrffd.today

salesfactory.pro

supportive-solutions.com

naiol.com

khoyr.com

kalendeargpt44.com

web-tech-spb.store
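The extracted configuration above is the most reusable part of this report: four digests that identify the sample exactly, and the list of domains the Formbook payload beacons to. The following Python is an added example (not code from tria.ge or from this report) that turns those indicators into two checks: an exact-match test of a file against the reported digests, and a hostname matcher run over DNS log lines. The digests and domains are copied from the report; the log lines and their column layout are constructed for the example.

```python
"""Operationalise the indicators from the report: verify a file against the
reported digests, and match queried hostnames against the extracted decoy
domain list. Added example, not tria.ge code. Digests and domains are copied
from the report; the DNS log lines and their format are constructed."""
import hashlib
import re

# Digests exactly as listed in the report's General section.
REPORTED_DIGESTS = {
    "md5": "5292d77a5796360358f012d31f4cd438",
    "sha1": "ceb7009b833a4829f9017636445a07ca201a9db4",
    "sha256": "404f0f676d94ffdc3cc0b4422a34a5aee31d06c815253ba0e7aeb0fed3905b9c",
    "sha512": "d42e1a014c005935b79de13b975a2e840ef100abfc054b08b547398d3ba99834"
              "c6f2074d02b3570da4d2b2a01fbe52dda1ce955c66f0aa2bf20eccc62e03b4f6",
}

# The "Decoy" list from the extracted Formbook config.
DECOY_DOMAINS = frozenset([
    "rfc234.top", "danielcavalari.com", "elperegrinocabo.com", "aryor.info",
    "surelistening.com", "premium-numero-telf.buzz", "orlynyml.click",
    "tennislovers-ro.com", "holdmytracker.com", "eewapay.com",
    "jaimesinstallglass.com", "damactrade.net", "swapspecialities.com",
    "perfumesrffd.today", "salesfactory.pro", "supportive-solutions.com",
    "naiol.com", "khoyr.com", "kalendeargpt44.com", "web-tech-spb.store",
])


def digests_of(data, algorithms=REPORTED_DIGESTS):
    """Compute the same digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def is_reported_sample(data, reported=REPORTED_DIGESTS):
    """True only if every reported digest matches the file contents.
    Comparing all four avoids relying on MD5 alone, for which chosen-prefix
    collisions are practical; SHA-256/SHA-512 agreement settles identity."""
    got = digests_of(data, reported)
    return all(got[alg] == value.lower() for alg, value in reported.items())


def host_matches(host, domains=DECOY_DOMAINS):
    """Return the indicator domain that `host` falls under, or None.
    Subdomains count as hits (www.rfc234.top -> rfc234.top); unrelated names
    that merely end in the same characters (notrfc234.top) do not, because we
    compare whole label suffixes rather than substrings."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


# Constructed log format: "<timestamp> <client-ip> query <qtype> <qname>".
DNS_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$"
)


def scan_dns_log(lines, domains=DECOY_DOMAINS):
    """Yield (timestamp, client, queried name, matched indicator) for each
    query that falls under one of the indicator domains."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line)
        if not m:            # skip comments and lines in another format
            continue
        indicator = host_matches(m["qname"], domains)
        if indicator:
            hits.append((m["ts"], m["src"], m["qname"], indicator))
    return hits


# Constructed sample log lines, not taken from the report.
SAMPLE_DNS_LOG = [
    "# constructed resolver log",
    "2023-08-22T10:01:02Z 10.0.0.5 query A www.rfc234.top",
    "2023-08-22T10:01:03Z 10.0.0.5 query A notrfc234.top",
    "2023-08-22T10:01:04Z 10.0.0.7 query A aryor.info.",
    "2023-08-22T10:01:05Z 10.0.0.7 query AAAA update.example.com",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("decoy-domain hit:", hit)
```

Weight the two checks differently. A full digest match is a high-confidence identification of this exact document. A single query to one of the decoy domains is not: Formbook's configuration mixes its real command-and-control domain into a list of decoys and the bot beacons to several of them, so the real one cannot be picked out from this list alone, and some decoys may be legitimate sites. Use the domain list to find hosts worth triaging, not as a standalone block or verdict.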

Targets

    • Target

      PO-384728493049.doc

    • Size

      88KB

    • MD5

      5292d77a5796360358f012d31f4cd438

    • SHA1

      ceb7009b833a4829f9017636445a07ca201a9db4

    • SHA256

      404f0f676d94ffdc3cc0b4422a34a5aee31d06c815253ba0e7aeb0fed3905b9c

    • SHA512

      d42e1a014c005935b79de13b975a2e840ef100abfc054b08b547398d3ba99834c6f2074d02b3570da4d2b2a01fbe52dda1ce955c66f0aa2bf20eccc62e03b4f6

    • SSDEEP

      768:kwAbZSibMX9gRWjQOX1eDp9haTtsZ+Tnkfas:kwAlRxu1edzaT+Q1s

    • Formbook

      Formbook is a commodity information stealer: it captures keystrokes, clipboard contents and form data submitted from browsers and mail clients, takes screenshots, and can download and run additional payloads on the infected host.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
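The last signature in the list, together with "Executes dropped EXE", describes the injection step: SetThreadContext is how an injector redirects a suspended child's thread to code it has written into that child, the sequence commonly called process hollowing. The Python below is an added example (not tria.ge's signature logic) of a detector for that sequence over a per-process API-call trace. It assumes the trace has already been flattened into dicts with a `target_pid` field (real sandbox traces usually record handles, which must be resolved to PIDs first); the trace events themselves are constructed.

```python
"""Flag the CreateProcess(CREATE_SUSPENDED) -> write into child ->
SetThreadContext -> ResumeThread chain behind the "Suspicious use of
SetThreadContext" signature. Added example, not tria.ge's own rule.
Assumes a trace of dicts {"pid", "api", "args"} in call order, with handles
already resolved to "child_pid"/"target_pid"; the events are constructed."""

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit, as in winbase.h

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory",
              "NtUnmapViewOfSection", "NtMapViewOfSection"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def find_hollowing(trace):
    """Return [(injector_pid, target_pid), ...] for each completed chain.

    A child is tracked only from a suspended creation, and SetThreadContext
    only counts after the parent has written into that child; a launcher that
    starts a process suspended and simply resumes it, or a debugger that sets
    a context without writing a payload, is not reported."""
    stages = {}                        # (parent_pid, child_pid) -> set(stage)
    findings = []
    for ev in trace:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        if api in CREATE_APIS:
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                stages[(pid, args["child_pid"])] = {"suspended"}
            continue
        key = (pid, args.get("target_pid"))
        if key not in stages:
            continue
        if api in WRITE_APIS:
            stages[key].add("written")
        elif api in CONTEXT_APIS and "written" in stages[key]:
            stages[key].add("context")
        elif api in RESUME_APIS:
            if "context" in stages[key]:
                findings.append(key)
            stages.pop(key)            # chain is over either way
    return findings


# Constructed trace: one hollowing chain, one benign suspended launch, and a
# SetThreadContext call with no preceding write (debugger-like, not flagged).
SAMPLE_TRACE = [
    {"pid": 1234, "api": "CreateProcessW",
     "args": {"image": "C:\\Windows\\System32\\svchost.exe",
              "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 5678}},
    {"pid": 1234, "api": "NtUnmapViewOfSection", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "WriteProcessMemory",
     "args": {"target_pid": 5678, "size": 0x16000}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "ResumeThread", "args": {"target_pid": 5678}},

    {"pid": 2222, "api": "CreateProcessW",
     "args": {"image": "C:\\Program Files\\App\\app.exe",
              "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 3333}},
    {"pid": 2222, "api": "AssignProcessToJobObject", "args": {"target_pid": 3333}},
    {"pid": 2222, "api": "ResumeThread", "args": {"target_pid": 3333}},

    {"pid": 4444, "api": "CreateProcessW",
     "args": {"image": "C:\\Tools\\target.exe",
              "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 5555}},
    {"pid": 4444, "api": "SetThreadContext", "args": {"target_pid": 5555}},
    {"pid": 4444, "api": "ResumeThread", "args": {"target_pid": 5555}},
]

if __name__ == "__main__":
    print("process hollowing chains:", find_hollowing(SAMPLE_TRACE))
```

The chain is a heuristic, which is why the sandbox labels the call "suspicious" rather than malicious: debuggers, some installers and a few runtime loaders legitimately set thread contexts. Requiring a write into the suspended child before the context change removes most of that noise; the remaining hits are worth correlating with the "Downloads MZ/PE file" and "Executes dropped EXE" events above, since the injector here is the dropped payload rather than the document itself.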

MITRE ATT&CK Enterprise v15

Tasks