General

  • Target

    6ed8801868c8baadf89c50bff443e9c29002e0db951ee456ffba50bca1812d6d_JC.exe

  • Size

    650KB

  • Sample

    230930-pyjk7aca5s

  • MD5

    e189c425869e466d842c472d895035d7

  • SHA1

    e50796539a9fd5c50f6569c00c2d01709bf203db

  • SHA256

    6ed8801868c8baadf89c50bff443e9c29002e0db951ee456ffba50bca1812d6d

  • SHA512

    49c10e95d653531d4f92c3377f351c5639971fb58513aac23c803bb4ba930de101c20dd77649e1dd7bb207e6ba64150af2c99deb174bb7a5d62fe948b6d308f1

  • SSDEEP

    12288:VcrAckjQ5bLSqHcGdDY30I3lYPiICl45mLPKNDOvNvttVZeDh1:OkabLjcIc0I3l4wlBLCm7V

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4hc5

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks