General

  • Target

    rProductSpecs.exe

  • Size

    594KB

  • Sample

    230826-n6a4cabg8w

  • MD5

    05579b705197cc4ff3728af6d4d49f08

  • SHA1

    89fb958792780a68990427aa3d8dfc9262c05dc1

  • SHA256

    cc0f366752ad8832bf26a387da04626c8db6f00a69d5a98ce5934d0db01c1329

  • SHA512

    b2bb887f3f07aa64afd7d3c6afce1532c83d380b25e0ef984ac591e3a4aac4980f18367370ddfbb0028bedc43b2ca4020f2b99fa149c75cff6e1ed7ed7b113bc

  • SSDEEP

    12288:fbqwi/iWsjKX/Covqtk1Nla6KU9HTk8WjssUD1hZfxgEqD:jqwiiW9CysDOg8fh9xC

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hinf

Decoy

gemaprojects.com

infinitymarketingsystems.com

pustmegfram.com

mydetailaccelerator.com

zeusoffyp6.click

thegoddessofthehunt.com

abajim.com

jctrhc78.com

iyouiyiti.com

jobscnwire.com

emirates-tobacco.com

onledutech.com

medicinefloor.com

lghyr.fun

dohodnaavtomate.online

fbaxqevemd7.xyz

descontode70porcento.online

assmaco.com

bb845933.site

pinapplecapital.com

Targets

    • Target

      rProductSpecs.exe

    • Size

      594KB

    • MD5

      05579b705197cc4ff3728af6d4d49f08

    • SHA1

      89fb958792780a68990427aa3d8dfc9262c05dc1

    • SHA256

      cc0f366752ad8832bf26a387da04626c8db6f00a69d5a98ce5934d0db01c1329

    • SHA512

      b2bb887f3f07aa64afd7d3c6afce1532c83d380b25e0ef984ac591e3a4aac4980f18367370ddfbb0028bedc43b2ca4020f2b99fa149c75cff6e1ed7ed7b113bc

    • SSDEEP

      12288:fbqwi/iWsjKX/Covqtk1Nla6KU9HTk8WjssUD1hZfxgEqD:jqwiiW9CysDOg8fh9xC

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
