Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Order No 455100.doc

  • Size

    3KB

  • Sample

    231013-y1vkxaba44

  • MD5

    b369f7fc426c775b65a99ae2c304751e

  • SHA1

    74e3cda013b63cfec95c366dc0f71b6630df85b3

  • SHA256

    0d3a500677f84c749dfa47f13c1951e80b8b77fab39c6ff1c4fb40b0568569d3

  • SHA512

    6185c9df5ff994c866e9a8fa89cc618c37537e5cd9aeddddba4df1cf107252d4e7f43502284b5bca31da28cd1468f770440cff39392825cbb970d7ce17eee5b5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge06

Decoy

azaharparis.com

nationaleventsafety.com

covesstudy.com

quinshon4.com

moderco.net

trailblazerbaby.com

time-edu.net

azeemtourism.com

anakmedan3.click

bookinternationaltours.com

ulksht.top

newswirex.com

dingg.net

waveoflife.pro

miamirealestatecommercial.com

rtplive77.xyz

bowllywood.com

automation-tools-84162.bond

booptee.com

ebx.lat

Targets

    • Target

      Order No 455100.doc

    • Size

      3KB

    • MD5

      b369f7fc426c775b65a99ae2c304751e

    • SHA1

      74e3cda013b63cfec95c366dc0f71b6630df85b3

    • SHA256

      0d3a500677f84c749dfa47f13c1951e80b8b77fab39c6ff1c4fb40b0568569d3

    • SHA512

      6185c9df5ff994c866e9a8fa89cc618c37537e5cd9aeddddba4df1cf107252d4e7f43502284b5bca31da28cd1468f770440cff39392825cbb970d7ce17eee5b5

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks