
General

  • Target

    Payment Confirmation REF No 016747 PDF.exe

  • Size

    253KB

  • Sample

    230828-mbyeqacg7v

  • MD5

    321ac4a7c104daae261c6ce5ed12db5a

  • SHA1

    2cf6f37db30b5bdd5b3ae338a4e209c9ccd0f984

  • SHA256

    21ccf1fad3e1a08f580d5f0d5aa2d13fb1a633aa1c68100d435628a437efb89b

  • SHA512

    35591b1d584daeda8d6997224c6b3edb666f8cb8b7a77950f7411ef6bf030d40b8308168500a12d7f8c503113ba0e870abed8192807f679cfd90a317cf9f03d7

  • SSDEEP

    6144:PYa64mTIQqcpm2VNUmdzdr4AiO0iijUg0SkuMPnGKY6X:PYOmTtrVjd2liijUg0tuMeJ0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network
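The extracted config above lists twenty domains under "Decoy". In Formbook's design the real C2 host is hidden among a list of mostly unrelated or parked domains, and the implant contacts several of them while it beacons, so a single resolution of one of these names is weak evidence but a burst of distinct config domains from one client is a strong signal. The following added example (not part of the tria.ge report or of any tria.ge tooling) correlates constructed DNS log lines against the sn26 list with a sliding window; the log format, the client addresses, the five-minute window and the threshold of three distinct domains are all assumptions chosen for illustration.

```python
"""Correlate DNS query logs against the domain list from a Formbook config.

Added example for the report above; the domain set is copied from the
extracted "Decoy" list (campaign sn26). Log lines are constructed, not taken
from the sandbox run, and are assumed to be in chronological order.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Domains exactly as listed in the extracted config.
FORMBOOK_SN26_DOMAINS = {
    "resenha10.bet", "gulshan-rajput.com", "xbus.tech", "z813my.cfd",
    "wlxzjlny.cfd", "auntengotiempo.com", "canada-reservation.com",
    "thegiftcompany.shop", "esthersilveirapropiedades.com", "1wapws.top",
    "ymjblnvo.cfd", "termokimik.net", "kushiro-artist-school.com",
    "bmmboo.com", "caceresconstructionservices.com", "kentuckywalkabout.com",
    "bringyourcart.com", "miamiwinetour.com", "bobcatsocial.site",
    "thirdmind.network",
}

# Constructed sample log (assumed format: "<ISO timestamp> <client> <qname>").
SAMPLE_DNS_LOG = """\
2023-08-28T10:00:01 10.0.0.5 www.microsoft.com
2023-08-28T10:00:05 10.0.0.5 resenha10.bet
2023-08-28T10:00:12 10.0.0.5 www.gulshan-rajput.com
2023-08-28T10:00:20 10.0.0.5 xbus.tech
2023-08-28T10:00:31 10.0.0.5 z813my.cfd
2023-08-28T10:01:02 10.0.0.7 miamiwinetour.com
2023-08-28T10:09:40 10.0.0.9 termokimik.net
2023-08-28T10:30:00 10.0.0.9 bmmboo.com
"""


def config_domain_for(qname, domains=FORMBOOK_SN26_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Walk from the full name down to the registrable domain; never match a bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def find_beaconing_hosts(log_text, domains=FORMBOOK_SN26_DOMAINS,
                         window=timedelta(minutes=5), min_distinct=3):
    """Return {client: sorted config domains} for every client that resolved at
    least `min_distinct` different config domains inside one `window`."""
    recent = defaultdict(deque)  # client -> (timestamp, domain) pairs within the window
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, client, qname = line.split()
        domain = config_domain_for(qname, domains)
        if domain is None:
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[client]
        queue.append((ts, domain))
        # Drop entries that fell out of the window relative to the newest query.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        distinct = {d for _, d in queue}
        if len(distinct) >= min_distinct:
            hits.setdefault(client, set()).update(distinct)
    return {client: sorted(doms) for client, doms in hits.items()}


if __name__ == "__main__":
    for client, doms in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(doms)} config domains in one window: {', '.join(doms)}")
```

On the constructed log only 10.0.0.5 is reported: it resolved four distinct config domains within half a minute, while 10.0.0.7 touched one name and 10.0.0.9 touched two names twenty minutes apart. Treat the list as a correlation watchlist rather than a blocklist: most of these domains belong to third parties that Formbook uses as cover, and blocking them outright would only produce false positives.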

Targets

    • Target

      Payment Confirmation REF No 016747 PDF.exe

    • Size

      253KB

    • MD5

      321ac4a7c104daae261c6ce5ed12db5a

    • SHA1

      2cf6f37db30b5bdd5b3ae338a4e209c9ccd0f984

    • SHA256

      21ccf1fad3e1a08f580d5f0d5aa2d13fb1a633aa1c68100d435628a437efb89b

    • SHA512

      35591b1d584daeda8d6997224c6b3edb666f8cb8b7a77950f7411ef6bf030d40b8308168500a12d7f8c503113ba0e870abed8192807f679cfd90a317cf9f03d7

    • SSDEEP

      6144:PYa64mTIQqcpm2VNUmdzdr4AiO0iijUg0SkuMPnGKY6X:PYOmTtrVjd2liijUg0tuMeJ0

    • Formbook

      Formbook is an information-stealing malware family, sold as malware-as-a-service, that harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, takes screenshots, and can download and run further payloads on command from its C2 server.

    • Formbook payload

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
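"Suspicious use of SetThreadContext" is the sandbox's hint that the sample rewrites the entry point of a thread it controls, which together with "Loads dropped DLL" and "Deletes itself" is the usual shape of process hollowing: spawn a legitimate program suspended, overwrite its image with the payload, point the main thread at the new entry point, resume. The signature fires on the single API call; a debugger or profiler also calls SetThreadContext, so a detection that wants fewer false positives should require the whole chain. The following added example (not the sandbox's own signature code) implements that chain as a small state machine over a constructed API trace. The trace format, the process image names and the convention that handle arguments carry the target process or thread id are assumptions chosen so the example runs offline.

```python
"""Detect the process-hollowing API sequence behind "Suspicious use of SetThreadContext".

Added example for the report above, not tria.ge signature code. The trace is
constructed: one JSON object per line, and hProcess/hThread arguments are
assumed to carry the target pid/tid (a real trace would resolve handles first).
"""
import json

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed trace: pid 1804 hollows a suspended svchost.exe; pid 3100 is a benign
# launcher that resumes a normally created child and must not be reported.
SAMPLE_TRACE = r"""
{"pid": 1804, "api": "CreateProcessW", "args": {"lpApplicationName": "C:\\Windows\\SysWOW64\\svchost.exe", "dwCreationFlags": 4}, "ret": {"dwProcessId": 2240, "dwThreadId": 2244}}
{"pid": 1804, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 2240}}
{"pid": 1804, "api": "VirtualAllocEx", "args": {"hProcess": 2240, "flProtect": 64}}
{"pid": 1804, "api": "WriteProcessMemory", "args": {"hProcess": 2240, "nSize": 65536}}
{"pid": 1804, "api": "SetThreadContext", "args": {"hThread": 2244}}
{"pid": 1804, "api": "ResumeThread", "args": {"hThread": 2244}}
{"pid": 3100, "api": "CreateProcessW", "args": {"lpApplicationName": "C:\\Windows\\notepad.exe", "dwCreationFlags": 0}, "ret": {"dwProcessId": 3320, "dwThreadId": 3324}}
{"pid": 3100, "api": "ResumeThread", "args": {"hThread": 3324}}
"""

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
CONTEXT_APIS = {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def detect_hollowing(trace_text):
    """Return one finding per child process that was created suspended, written to,
    had its thread context replaced, and was then resumed, in that order."""
    suspended = {}    # child pid -> state for a process created with CREATE_SUSPENDED
    tid_to_pid = {}   # main thread id -> child pid, so thread calls map to a process
    findings = []
    for line in trace_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        api, args = ev["api"], ev.get("args", {})
        if api in CREATE_APIS:
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                ret = ev["ret"]
                suspended[ret["dwProcessId"]] = {
                    "creator": ev["pid"],
                    "image": args.get("lpApplicationName"),
                    "tid": ret["dwThreadId"],
                    "written": False,
                    "context_set": False,
                }
                tid_to_pid[ret["dwThreadId"]] = ret["dwProcessId"]
        elif api in WRITE_APIS:
            state = suspended.get(args.get("hProcess"))
            if state is not None:
                state["written"] = True
        elif api in CONTEXT_APIS:
            state = suspended.get(tid_to_pid.get(args.get("hThread")))
            # Only a context change after the image was overwritten counts.
            if state is not None and state["written"]:
                state["context_set"] = True
        elif api in RESUME_APIS:
            pid = tid_to_pid.get(args.get("hThread"))
            state = suspended.pop(pid, None)
            if state is not None and state["written"] and state["context_set"]:
                findings.append({
                    "creator_pid": state["creator"],
                    "target_pid": pid,
                    "target_image": state["image"],
                    "technique": "process hollowing (T1055.012)",
                })
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print(f"pid {f['creator_pid']} hollowed pid {f['target_pid']} "
              f"({f['target_image']}): {f['technique']}")
```

The order matters: a SetThreadContext before any write to the child is ignored, and a child that is resumed without both steps is dropped from the tracked set, so the benign launcher in the trace produces nothing. Extending this to the variant that uses NtMapViewOfSection or QueueUserAPC instead of SetThreadContext means adding those calls to the state machine, not relaxing the ordering.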

MITRE ATT&CK Enterprise v15

Tasks