General

  • Target

    TNT Shipping Document.exe

  • Size

    620KB

  • Sample

    230921-gx6qbsdg7x

  • MD5

    0593245b016a4aabdd56134224efa148

  • SHA1

    62aa8ce315251c033878e82324d786dc2c2f2ec1

  • SHA256

    ff87df006fb01a3f40c3eaa5f64efbb699378e096c28d4179eb5b3c023774acc

  • SHA512

    f5391c70a233be9568d252e8b920cec388817c04ab3a7dfc691c3b1e68743ed46db3261eb1080053b207631cb5e45e5226443ee64b8ed8c989a334f4652e6e2a

  • SSDEEP

    12288:/UZqEisUH/iA0ZTCFmTGpU3TEtxQ4CcH0R5SH9+yF05IyrsgpWVa6AJ/qn:qqEWpuCY/3T3jEd+e05IEhpF6+qn

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    cy12

  • Decoy

    routinelywell.com
    traderinformation.com
    xv1lz.cfd
    elfiensclinic.com
    dfwtexasmilitaryagent.com
    gb3p8a.com
    ofcure.com
    kslgd.link
    apexassisthubs.com
    270hg.com
    spacovitta.com
    mattress-info-hu-kwu.today
    jakestarrbroadcast.com
    modestswimwearshop.com
    game0814.com
    gec.tokyo
    growwellnesscoaching.com
    thefavoreats.com
    gaasmantech.net
    mloffers.net

Targets

    • Target

      TNT Shipping Document.exe

    • Size

      620KB

    • MD5

      0593245b016a4aabdd56134224efa148

    • SHA1

      62aa8ce315251c033878e82324d786dc2c2f2ec1

    • SHA256

      ff87df006fb01a3f40c3eaa5f64efbb699378e096c28d4179eb5b3c023774acc

    • SHA512

      f5391c70a233be9568d252e8b920cec388817c04ab3a7dfc691c3b1e68743ed46db3261eb1080053b207631cb5e45e5226443ee64b8ed8c989a334f4652e6e2a

    • SSDEEP

      12288:/UZqEisUH/iA0ZTCFmTGpU3TEtxQ4CcH0R5SH9+yF05IyrsgpWVa6AJ/qn:qqEWpuCY/3T3jEd+e05IEhpF6+qn

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks