General

  • Target: Purchase Order 4502726800.xls
  • Size: 1.3MB
  • Sample: 231005-kqc18abf48
  • MD5: 11183eb7b983bfb2186430f24434d772
  • SHA1: bcbe97b20a3c8cd38f92c86c299e5f8ae8717f91
  • SHA256: 7913fa8f88bcf743352767b91881a163ac31b56a30c09fe87a3547690e481430
  • SHA512: 85fff7017fac0c77c7cb8e0e5f162a430e3f20bc13c90061106cc349c12d54a473298be21a184bd20d0b0859be1edc884dab73b907eb4f3859e8cd969af4f4bf
  • SSDEEP: 24576:KWQmmav30xuToZyow6VbAXZSCWZyXw6VoAXZSGmwVJzfJbW0YfEhVivUziH/wrxU:vQmmQ30ps6VIEp76V3EqVW7f6ZzifE

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: sy22
  • Decoy domains:

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
