General

  • Target

    Sipariş 5035.exe

  • Size

    330KB

  • Sample

    231012-pbjmnshd5z

  • MD5

    38b08db0e93a868942dbdbf2d48fca7e

  • SHA1

    2c70b7fed8ac61f0457dc7a0b16d16d240e4cf93

  • SHA256

    ec45ebce734d9a8be961529c08e9de4b192ffd26ea3c2fb76aaf2a1b61e01146

  • SHA512

    c8c6c45b80f801ae64195ae259df498367ac576ed369fd85620fad8af0f1ff09cf09ba0efb433bf65d105b25a2a2052bf4925c7a5d36ea9536a8dd97513995ed

  • SSDEEP

    6144:/Ya6Ci59VF5Ch4HhaOtcRVEUvvYtmE9QmROYXJQN+sQIB9GvCjvta:/Yci59VLCZOtaVTSmXGrJQNYMUC0

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k13s

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks