General

  • Target

    Drawing.exe

  • Size

    603KB

  • Sample

    231012-feq2gsff9y

  • MD5

    9edfa017d41749f89e3ed03de95be047

  • SHA1

    a4ff313cafc64343ffa7afe7ff03fe9f872ab28a

  • SHA256

    b196af30d4f938648c5c626b0c578d73d7d1c4f09b2228800ca78744bf508c06

  • SHA512

    82c24694b21c70096fc8eb5d8dfedf73b03fc88e12206fc8457585fe60b92e72a94d523ab0dc2f1196ef204f90557f5d5360772fce5264440e657b0e22ece68c

  • SSDEEP

    12288:NtHzPrD6MqJ0yadE1dewjSVbJKKGIQh7/xPM7cNmU6:njDZq6dEKJKrIQh7/oU6

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

go95

Decoy

Targets

    • Target

      Drawing.exe

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks