General

  • Target: DHL Shipment Delivery Notification 27-9-23.r00
  • Size: 308KB
  • Sample: 231011-hw267aha4v
  • MD5: 414af2fa03d933fe78c66163336038f1
  • SHA1: 827cac0f53c099597014171f5e022a5c84eb78f8
  • SHA256: 07daaf1983dc5ad5374f4776d4e1a3f74a8933891cf1b497129358702bdbc33a
  • SHA512: f0394d8deeca186156c4ee018215b5e2910368a9203c9f5ede2d4fc309805a6b02d4a8933279c7baa0b067df365f3cdd08d2058ce2e6d3ae96e5fe266770e866
  • SSDEEP: 6144:QZUlD8IY50gzMQF8xkqLU4DhPh7cb9OtA/j8CuA1JUq0UnrFo:Qy8IC0gzM6iLUohZkdYZAIuFo

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: sn26

Decoy


Targets

    • Target: DHL Shipment Delivery Notification 27-9-23.exe
    • Size: 323KB
    • MD5: d500caad040c54a8a064bb1ae1e02277
    • SHA1: 02f4722d98277480d4d128e3321f156e0471bdde
    • SHA256: c261ace97411301444d9dfa50d29f9a0328e83ddf45bf15128ad9d796d050461
    • SHA512: 1898e9b94b4cd314327473063b3d800f5eb91a7b5044d72f801251c0a42c8211646974ddd753a0f80dfdc647a056032d3041d41ecec7a890bca78c6751c4cde3
    • SSDEEP: 6144:BnPdudwDs9iDkylpSqHCJLYFn+dBfSVuMKdWKPcmr5tT/RIQzNfov32ZzjWusiD/:BnPdw9iAmpbHCJLQneBaW8KPc2tlIQzp
    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks