Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe

  • Size

    700KB

  • Sample

    231010-v988wafb4s

  • MD5

    32eca73388c09d03aa06f7f87602fac2

  • SHA1

    8fff30284e55a9c9cf8d1838bb2158249c8f9677

  • SHA256

    6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60

  • SHA512

    73e74da117a4ea5fb4fe5b1d44c6733d049ec2d35250f5340b0ba7aab73bd61f282f35762745a511b9bd98bdeee2ff3de19d176905dfbd5bb65a30640206545a

  • SSDEEP

    12288:wbl/Hdeyg7s9dERt9vy64AvWxSWOhf6GxK0psn7TpBi2ZUfOr5eVssmnxSGcIoH:o/HdeP7s96/dD4AF1xgosZw2ZUfO

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ur25

Decoy

discountstoreonline.store

profitwavemastery.com

cvqqrc9j.top

easyhub.xyz

dynamicelevateemporium.online

hlcapp.com

jayanamachine.com

agyaie.com

rentthecostume.net

jvjjdjsf.top

ratce.xyz

pensoupecas.com

nnc375.xyz

beingfrankwithcash.com

simplysoaps.store

jugouqduj.top

rampageoriginal.com

tigglywinks.com

stillnightjohns.fun

exchadom002.com

Targets

    • Target

      6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe

    • Size

      700KB

    • MD5

      32eca73388c09d03aa06f7f87602fac2

    • SHA1

      8fff30284e55a9c9cf8d1838bb2158249c8f9677

    • SHA256

      6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60

    • SHA512

      73e74da117a4ea5fb4fe5b1d44c6733d049ec2d35250f5340b0ba7aab73bd61f282f35762745a511b9bd98bdeee2ff3de19d176905dfbd5bb65a30640206545a

    • SSDEEP

      12288:wbl/Hdeyg7s9dERt9vy64AvWxSWOhf6GxK0psn7TpBi2ZUfOr5eVssmnxSGcIoH:o/HdeP7s96/dD4AF1xgosZw2ZUfO

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks