General

  • Target

    DHL-081023.exe

  • Size

    1005KB

  • Sample

    231008-s777pagb62

  • MD5

    e9577305797da56c4538f35d2da1e6ef

  • SHA1

    4b19ed069368fa3b9433c9c8d8b4a050dfae77bc

  • SHA256

    6c8bb939433b05a8b56b08ef68f8c5b5f396bc2b5454ec09d4ee1654951ff463

  • SHA512

    28427e4d980c8aceb27fe0fd31275bf7fbf6fdac1b9730c80ff9e3917c6b064b0a605f83c0df3fd7cc0642305797e159711ffe5f94f6aaa3d42d3cc8373077f5

  • SSDEEP

    24576:NTbBv5rUanWnNr75xArQDF8XhV+dFGa6mPcyGJzQfs8FiNGVDoB:HBjWnd7HbghVRoGBQfookB

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hesf

Decoy

rizublog-aromama-a.com

87b52.club

allportablepower.com

brownkrosshui.com

schuobu.fun

qevtjrobrb.xyz

throne-rooms.com

hostcheker.net

buzztsunamiloja.com

kkudatogel27.com

91fulizifen.com

148secretbet.com

outlookthailand.com

zonaduniabet.net

boursobankk.com

tuneuphypnosis.com

sahabatzulhelmi.com

usbulletinnow.com

durdurdarshi.com

zz-agency.com
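The list above is the full set of domains carried in this sample's Formbook configuration. Formbook hides its real C2 among a long list of decoys and contacts them all, so every name is useful as a hunting indicator even though many of the decoys are unrelated or legitimate sites that must not simply be blocklisted. As an added example (not part of the Triage report), the Python below matches DNS queries against the extracted list label-wise (so subdomains match but look-alike suffixes do not) and counts distinct indicators per client, which is the signal that separates a Formbook victim from a user who stumbled onto one decoy site. The log lines are constructed in a simple "timestamp client query" form, not real traffic from the sandbox run.

```python
"""Hunt DNS logs for the decoy/C2 domains extracted from this Formbook sample.

Added example, not part of the Triage report. The domain list is copied
from the "Decoy" section of the report; the DNS log lines are constructed.
"""
from typing import Dict, List, Optional, Set, Tuple

# Decoy/C2 domains from the extracted Formbook 4.1 config (campaign "hesf").
DECOY_DOMAINS: Set[str] = {
    "rizublog-aromama-a.com", "87b52.club", "allportablepower.com",
    "brownkrosshui.com", "schuobu.fun", "qevtjrobrb.xyz", "throne-rooms.com",
    "hostcheker.net", "buzztsunamiloja.com", "kkudatogel27.com",
    "91fulizifen.com", "148secretbet.com", "outlookthailand.com",
    "zonaduniabet.net", "boursobankk.com", "tuneuphypnosis.com",
    "sahabatzulhelmi.com", "usbulletinnow.com", "durdurdarshi.com",
    "zz-agency.com",
}

# Constructed log excerpt ("<timestamp> <client> <query>"), not sandbox traffic.
SAMPLE_DNS_LOG = """\
2023-10-08T14:31:02Z 10.0.0.15 www.allportablepower.com
2023-10-08T14:31:02Z 10.0.0.15 hostcheker.net.
2023-10-08T14:31:03Z 10.0.0.15 www.microsoft.com
2023-10-08T14:31:04Z 10.0.0.22 notzz-agency.com
2023-10-08T14:31:05Z 10.0.0.15 mail.boursobankk.com
"""


def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing dot many resolvers log."""
    return qname.strip().rstrip(".").lower()


def match_ioc(qname: str, iocs: Set[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    Matching is label-wise: "notzz-agency.com" does not match "zz-agency.com"
    even though it ends with the same characters.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(lines: List[str], iocs: Set[str] = DECOY_DOMAINS) -> List[Tuple[str, str, str]]:
    """Return (client, query, matched_indicator) for every line that hits an IOC."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        _ts, client, qname = parts
        ioc = match_ioc(qname, iocs)
        if ioc is not None:
            hits.append((client, normalize(qname), ioc))
    return hits


def clients_by_hit_count(hits: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Distinct indicators per client: an infected host cycles through many of them."""
    seen: Dict[str, Set[str]] = {}
    for client, _qname, ioc in hits:
        seen.setdefault(client, set()).add(ioc)
    return {client: len(iocs) for client, iocs in seen.items()}


if __name__ == "__main__":
    hits = scan_dns_log(SAMPLE_DNS_LOG.splitlines())
    for client, qname, ioc in hits:
        print(f"{client} queried {qname} (indicator: {ioc})")
    print(clients_by_hit_count(hits))
```

A single hit on one of these names is a lead, not a verdict; a client that resolves several of them within seconds is behaving like the sample does and deserves triage of the endpoint itself.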

Targets

    • Target

      DHL-081023.exe

    • Size

      1005KB

    • MD5

      e9577305797da56c4538f35d2da1e6ef

    • SHA1

      4b19ed069368fa3b9433c9c8d8b4a050dfae77bc

    • SHA256

      6c8bb939433b05a8b56b08ef68f8c5b5f396bc2b5454ec09d4ee1654951ff463

    • SHA512

      28427e4d980c8aceb27fe0fd31275bf7fbf6fdac1b9730c80ff9e3917c6b064b0a605f83c0df3fd7cc0642305797e159711ffe5f94f6aaa3d42d3cc8373077f5

    • SSDEEP

      24576:NTbBv5rUanWnNr75xArQDF8XhV+dFGa6mPcyGJzQfs8FiNGVDoB:HBjWnd7HbghVRoGBQfookB

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs form data and credentials from browsers and mail clients, captures clipboard contents and screenshots, and sends the results to its C2.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
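SetThreadContext is the call that makes process hollowing work: the injector starts a legitimate process suspended, overwrites its image, points the suspended main thread's instruction pointer at the injected code with SetThreadContext, then resumes it. The report does not show Triage's own signature logic, so the Python below is an added example of my own heuristic, not Triage's: it walks a chronological API trace and flags any target process that passes through all four stages in order, with each later stage performed by the process that created it. The trace is constructed for the demonstration; the pids, images and sizes are not from this sandbox run.

```python
"""Flag the process-hollowing API sequence behind "Suspicious use of SetThreadContext".

Added example with its own heuristic, not Triage's signature logic. Stages, in
order: CreateProcess with CREATE_SUSPENDED -> WriteProcessMemory ->
SetThreadContext -> ResumeThread, all issued by the creating process.
"""
import json
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed trace, one JSON event per line in chronological order.
# pid 3512 hollows its suspended child 4012; pid 5100 is a benign launcher
# that creates child 6200 suspended and simply resumes it.
SAMPLE_TRACE = """\
{"pid": 3512, "api": "CreateProcessW", "image": "svchost.exe", "flags": 4, "new_pid": 4012}
{"pid": 5100, "api": "CreateProcessW", "image": "helper.exe", "flags": 4, "new_pid": 6200}
{"pid": 3512, "api": "NtUnmapViewOfSection", "target_pid": 4012}
{"pid": 3512, "api": "VirtualAllocEx", "target_pid": 4012, "size": 540672}
{"pid": 3512, "api": "WriteProcessMemory", "target_pid": 4012, "size": 540672}
{"pid": 5100, "api": "ResumeThread", "target_pid": 6200}
{"pid": 3512, "api": "SetThreadContext", "target_pid": 4012}
{"pid": 3512, "api": "ResumeThread", "target_pid": 4012}
"""

# Ordered stages; each lists the Win32 and Nt-level names that satisfy it.
HOLLOW_STAGES = [
    ("create_suspended", {"CreateProcessA", "CreateProcessW", "NtCreateUserProcess"}),
    ("write_image", {"WriteProcessMemory", "NtWriteVirtualMemory"}),
    ("set_context", {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}),
    ("resume", {"ResumeThread", "NtResumeThread"}),
]


def load_trace(text: str) -> List[Dict]:
    """Parse the JSON-lines trace, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def stage_of(ev: Dict) -> Optional[Tuple[str, int]]:
    """Map an event to (stage, target pid), or None if it is not a hollowing stage."""
    for name, apis in HOLLOW_STAGES:
        if ev["api"] in apis:
            if name == "create_suspended":
                if not ev.get("flags", 0) & CREATE_SUSPENDED:
                    return None  # a normal (running) child is not a hollowing target
                return name, ev["new_pid"]
            return name, ev["target_pid"]
    return None


def detect_hollowing(events: List[Dict]) -> List[Dict]:
    """Return one finding per target process that completes every stage in order."""
    progress: Dict[int, int] = defaultdict(int)  # target pid -> next expected stage
    creator: Dict[int, int] = {}
    image: Dict[int, str] = {}
    findings = []
    for ev in events:
        hit = stage_of(ev)
        if hit is None:
            continue
        stage, target = hit
        if stage == "create_suspended":
            creator[target] = ev["pid"]
            image[target] = ev.get("image", "?")
        elif ev["pid"] != creator.get(target):
            continue  # only the creating process counts (debuggers attach to others)
        idx = progress[target]
        if idx < len(HOLLOW_STAGES) and stage == HOLLOW_STAGES[idx][0]:
            progress[target] = idx + 1
            if progress[target] == len(HOLLOW_STAGES):
                findings.append({"injector_pid": creator[target],
                                 "target_pid": target, "image": image[target]})
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(load_trace(SAMPLE_TRACE)):
        print(f"pid {f['injector_pid']} hollowed {f['image']} (pid {f['target_pid']})")
```

The benign launcher never reaches the write and context stages, so it is not flagged; requiring the full ordered sequence from the creating process is what keeps this heuristic quiet on debuggers and on ordinary suspended-then-resumed children. Formbook injecting into a legitimate Windows process this way is consistent with the "Executes dropped EXE" and "Formbook payload" findings above.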

MITRE ATT&CK Enterprise v15

Tasks