General

  • Target

    cfe71b8bd0a8d2dfc025eb646af5c1ffadb0e466ee4ddbec62b6ef5fa54ffad9

  • Size

    429KB

  • Sample

    231011-ryt32ade4t

  • MD5

    ce2a9e827802517985137b874a48c5de

  • SHA1

    bafcd1db5521cd526a25890739ec47dd8c3135b9

  • SHA256

    cfe71b8bd0a8d2dfc025eb646af5c1ffadb0e466ee4ddbec62b6ef5fa54ffad9

  • SHA512

    4d9bc8b09e30a06d1939830e9e6a5e272558dcc02aec9675c2c5c6ceb5fe91f22f00fb532aab52cffe1664c5d1b126399f5d5b5bdc04cc8b836d2d37dee99be9

  • SSDEEP

    6144:jplxSd8jhI1m5JLLiypgZfNUULnquulyj16vt1WUixKIMaPHJX3rBhvBaJkOujwh:j+mHq/SULnolyUWUixKzMbBh5rAiwj/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh21

Decoy

qiandaye.top

zltgw.com

getxgp.link

forest-create.site

parsefilm.com

foodstore.top

reynoldsquality.com

tripleshops.com

altuwaijrifood.com

seniorassistedlivinglocator.com

essencedelanature.com

hrwv098.xyz

olkja.xyz

10685johansen.com

ajidenhp.com

sensifiedregistration.com

timetodatings.life

bizbet-review-pt.com

zhangming.asia

xn--vhq074eeozsda.top

Targets

    • Target

      Dekont.pdf.exe

    • Size

      523KB

    • MD5

      00c530ddcfaeed76880d3813eb299fd0

    • SHA1

      1804eca4b9abfae9be3bf90575142044b6768a1f

    • SHA256

      d8d4a283c2cf6b0b3339d73021955f68d748cad0fd0646f84dbba778e682253e

    • SHA512

      3712037c8188d696570a621960e6ac077dc2fbc9bb92398df96d137635c6bc25ba54895c3a80f993ec6d3c7c7a707b9167f23b39a853591067332ff59f325d60

    • SSDEEP

      12288:94/Mb60lGYuvC6Zea5M38EHOFdnEqX3o3AgX4N6:Q0lLuK61u8ScnD0AN6

    • Formbook

      Formbook is an information-stealing malware family: it hooks browsers and other applications to capture form data, credentials and keystrokes, and sends the harvested data to its command-and-control server.

    • Formbook payload

    • Suspicious use of SetThreadContext (the API a process-hollowing or thread-hijacking injector calls to redirect a thread into an injected payload; here it is consistent with Formbook unpacking itself into another process)
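The Malware Config section above lists the extracted campaign identifier and twenty decoy domains, and the Targets section gives the hashes of the unpacked Dekont.pdf.exe. Formbook embeds decoy domains in its configuration and contacts them alongside its real C2 to muddy network triage, and decoy lists routinely contain legitimate sites, so the domains are hunting leads rather than block-list entries. The script below is an added example, not part of the tria.ge report or of Formbook's own code: it copies the values from this page into a small indicator set, tags hashes as high-confidence and decoy domains as low-confidence, renders the one Punycode decoy in readable form, and emits Suricata DNS-query alert rules for hunting. The `Indicator` type, the confidence labels and the SID range are the editor's own choices; the domains and hashes are verbatim from the report.

```python
import csv
import io
from dataclasses import dataclass

# Values copied from the tria.ge report above (Malware Config and Targets).
CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "mh21",
    "decoy": [
        "qiandaye.top", "zltgw.com", "getxgp.link", "forest-create.site",
        "parsefilm.com", "foodstore.top", "reynoldsquality.com", "tripleshops.com",
        "altuwaijrifood.com", "seniorassistedlivinglocator.com", "essencedelanature.com",
        "hrwv098.xyz", "olkja.xyz", "10685johansen.com", "ajidenhp.com",
        "sensifiedregistration.com", "timetodatings.life", "bizbet-review-pt.com",
        "zhangming.asia", "xn--vhq074eeozsda.top",
    ],
}

# Hashes of the unpacked payload (Dekont.pdf.exe) from the Targets section.
HASHES = {
    "md5": "00c530ddcfaeed76880d3813eb299fd0",
    "sha1": "1804eca4b9abfae9be3bf90575142044b6768a1f",
    "sha256": "d8d4a283c2cf6b0b3339d73021955f68d748cad0fd0646f84dbba778e682253e",
}


@dataclass
class Indicator:
    # Hypothetical record type chosen for this example.
    type: str        # "md5", "sha1", "sha256" or "domain"
    value: str
    confidence: str  # "high" for payload hashes, "low" for decoy domains
    note: str


def decode_idn(domain: str) -> str:
    """Render an xn-- (Punycode) domain in Unicode so an analyst can read it.

    Falls back to the original string if a label is not valid Punycode.
    """
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def build_indicators(config: dict, hashes: dict) -> list[Indicator]:
    """Turn the extracted config and payload hashes into tagged indicators."""
    out = []
    for algo, digest in hashes.items():
        out.append(Indicator(algo, digest.lower(), "high", "Dekont.pdf.exe Formbook payload"))
    for domain in config["decoy"]:
        note = f"Formbook {config['version']} campaign {config['campaign']} decoy domain"
        shown = decode_idn(domain)
        if shown != domain:
            note += f" (IDN: {shown})"
        # Decoys are deliberately noisy and may be legitimate sites: low confidence.
        out.append(Indicator("domain", domain.lower(), "low", note))
    return out


def to_csv(indicators: list[Indicator]) -> str:
    """Serialise indicators to CSV text for import into a TIP or SIEM watchlist."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["type", "value", "confidence", "note"])
    for ind in indicators:
        writer.writerow([ind.type, ind.value, ind.confidence, ind.note])
    return buf.getvalue()


def suricata_rules(config: dict, base_sid: int = 9000000) -> list[str]:
    """Emit one Suricata dns.query alert per decoy domain for hunting.

    These are alert (not drop) rules on purpose: a hit means "investigate the
    host", not "block the domain". base_sid is an arbitrary local SID range.
    """
    rules = []
    for i, domain in enumerate(config["decoy"]):
        rules.append(
            f'alert dns any any -> any any (msg:"Formbook {config["campaign"]} '
            f'decoy DNS query {domain}"; dns.query; content:"{domain}"; nocase; '
            f"endswith; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    print(to_csv(build_indicators(CONFIG, HASHES)))
    print("\n".join(suricata_rules(CONFIG)))
```

The SHA256 in the General section (the submitted file) differs from the one in Targets (the unpacked Dekont.pdf.exe), so both are worth keeping in a watchlist; only the payload hashes are embedded above because they identify the Formbook stage itself.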

MITRE ATT&CK Matrix

Tasks