General

  • Target

    d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe

  • Size

    835KB

  • Sample

    231004-w6wn2sdh8y

  • MD5

    33ffe47617ab65e5fbb0b2eedf0b5b4e

  • SHA1

    394351007b7fa83b84a30c66b84083ba9af66410

  • SHA256

    d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f

  • SHA512

    b73e46c09c42c4196299e4787652991de3cc61ee869833a4b241d1222bbfbab9bd31e59533835a57fb15d221891ceac387d5a8e97cff918046fc84d81cdbe0cf

  • SSDEEP

    24576:mk70TrcKMs8ftsubdunEtMif2Fo0VANdUKsm1:mkQTAZsubdunDif2F9Agw

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bz24

Decoy

FormBook configurations carry a list of decoy domains alongside the real C2; the bot contacts several of them per beacon, and many are legitimate sites. A connection to one of these domains alone is therefore weak evidence of C2 contact, and blocking the list wholesale causes false positives.

paltran.com

convadesolutions.com

smyx9b.work

friggerio.com

jndyfjc.com

dm4im2q2.top

adamloweforpresident2020.com

grvtyindustries.com

lovelycacau.com

seqizi.net

xisl88.com

dateknightdelivered.com

celebsmoaic.online

patriciolawnlandscapellc.com

liqq.asia

solutions4educators.com

hybridrate.com

newseza.com

enfejbaz9jdfthea.click

bergstromchevymadison.com

Targets

    • Target

      d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe

    • Size

      835KB

    • MD5

      33ffe47617ab65e5fbb0b2eedf0b5b4e

    • SHA1

      394351007b7fa83b84a30c66b84083ba9af66410

    • SHA256

      d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f

    • SHA512

      b73e46c09c42c4196299e4787652991de3cc61ee869833a4b241d1222bbfbab9bd31e59533835a57fb15d221891ceac387d5a8e97cff918046fc84d81cdbe0cf

    • SSDEEP

      24576:mk70TrcKMs8ftsubdunEtMif2Fo0VANdUKsm1:mkQTAZsubdunDif2F9Agw

    • Formbook

      Formbook is an infostealer that harvests saved credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and takes screenshots.

    • Formbook payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Reads user/profile data of web browsers

      Infostealers often read stored browser data such as saved credentials, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process, typically a child created suspended and then written to, is the hallmark of process hollowing and similar injection techniques.
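
A small detector for the last two behaviours flagged above, given here as an added example (it is not tria.ge's own signature code). It runs over a constructed sandbox API trace in a simple one-call-per-line format and flags (a) the process-hollowing sequence that "Suspicious use of SetThreadContext" points at, i.e. a CREATE_SUSPENDED child that is written to and then has its thread context redirected, and (b) opens of browser credential stores. The trace format, the simplification that handle arguments carry the target pid/tid directly, and the list of store file names are assumptions of the example; the trace lines are constructed, not taken from this sample.

```python
import re

# Constructed, illustrative sandbox API trace (not this sample's real trace).
# One call per line: "<pid> <tid> <api>(<key>=<value>, ...) => <result>".
# Simplification: the handle arguments carry the target pid/tid directly,
# whereas a real trace shows opaque HANDLE values that need resolving first.
TRACE = r"""
1208 1212 CreateProcessW(lpApplicationName="C:\Windows\explorer.exe", dwCreationFlags=0x4) => pid=2480 tid=2484
1208 1212 NtUnmapViewOfSection(hProcess=2480, BaseAddress=0x7ff6a0000000) => 0
1208 1212 VirtualAllocEx(hProcess=2480, dwSize=0x2a000, flProtect=0x40) => 0x400000
1208 1212 WriteProcessMemory(hProcess=2480, lpBaseAddress=0x400000, nSize=0x2a000) => 1
1208 1212 SetThreadContext(hThread=2484, Eip=0x401200) => 1
1208 1212 ResumeThread(hThread=2484) => 0
2480 2484 NtOpenFile(FileName="C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data") => 0
2480 2484 NtOpenFile(FileName="C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json") => 0
3000 3004 CreateProcessW(lpApplicationName="C:\Windows\notepad.exe", dwCreationFlags=0x0) => pid=3100 tid=3104
3000 3004 GetThreadContext(hThread=3104) => 1
3000 3004 SetThreadContext(hThread=3104, Dr0=0x401000) => 1
"""

LINE_RE = re.compile(r"^(\d+) (\d+) (\w+)\((.*)\) => (.*)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,]+)')
CREATE_SUSPENDED = 0x4
# File names of the credential/cookie stores infostealers read (assumed list).
BROWSER_STORES = ("Login Data", "Web Data", "Cookies",
                  "logins.json", "key4.db", "cookies.sqlite")


def parse_trace(trace):
    """Turn trace lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, tid, api, argstr, ret = m.groups()
        args = {k: v.strip().strip('"') for k, v in ARG_RE.findall(argstr)}
        events.append({"pid": int(pid), "tid": int(tid), "api": api,
                       "args": args, "ret": ret})
    return events


def detect(trace):
    """Return a list of findings for hollowing and browser-store reads."""
    findings = []
    suspended = {}   # child pid -> state of a CREATE_SUSPENDED child
    for ev in parse_trace(trace):
        a, api = ev["args"], ev["api"]
        if api == "CreateProcessW":
            m = re.search(r"pid=(\d+) tid=(\d+)", ev["ret"])
            if m and int(a.get("dwCreationFlags", "0"), 0) & CREATE_SUSPENDED:
                suspended[int(m.group(1))] = {
                    "parent": ev["pid"], "tid": int(m.group(2)),
                    "image": a.get("lpApplicationName", ""),
                    "unmapped": False, "written": False}
        elif api == "NtUnmapViewOfSection":
            st = suspended.get(int(a["hProcess"], 0))
            if st:
                st["unmapped"] = True
        elif api == "WriteProcessMemory":
            st = suspended.get(int(a["hProcess"], 0))
            if st:
                st["written"] = True
        elif api == "SetThreadContext":
            # Only a context change on a suspended child that has already been
            # written to counts as hollowing; debuggers and hardware-breakpoint
            # tooling call SetThreadContext without that preamble (see pid 3000).
            hthread = int(a["hThread"], 0)
            for cpid, st in suspended.items():
                if st["tid"] == hthread and st["written"]:
                    findings.append({
                        "rule": "process_hollowing", "pid": st["parent"],
                        "target_pid": cpid, "image": st["image"],
                        "confidence": "high" if st["unmapped"] else "medium"})
        elif api in ("NtOpenFile", "CreateFileW"):
            path = a.get("FileName") or a.get("lpFileName", "")
            if path.endswith(BROWSER_STORES):
                findings.append({"rule": "browser_credential_store",
                                 "pid": ev["pid"], "path": path})
    return findings


if __name__ == "__main__":
    for finding in detect(TRACE):
        print(finding)
```

The second CreateProcessW/SetThreadContext pair in the trace is deliberately benign: the child is not created suspended and nothing is written into it, so the detector stays quiet, which is the distinction a SetThreadContext-based rule needs to make to avoid flagging debuggers.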

MITRE ATT&CK Enterprise v15

Tasks