General

  • Target

    014ed741b83b7bd4572f9fb1285ebecf658b74eb367b712614034c28b9af4845

  • Size

    361KB

  • Sample

    231102-b86xksfa8x

  • MD5

    5670f0e7e08a909949216672d3428e66

  • SHA1

    8c8e8e7715e87810ad4d1f943279e081b7fded0e

  • SHA256

    014ed741b83b7bd4572f9fb1285ebecf658b74eb367b712614034c28b9af4845

  • SHA512

    ac8ecdffd2991dbcde5eb86eb3525c40c4f1be468c22f03826c39228594764c2e38a7f82ce75537a8e3400d0dc68d674303c51a7ad424fca08c807898e70c28e

  • SSDEEP

    6144:F8LxBspf+q388vnDdsnm0GJPldFNehNTZGbQvtovLZIXahPxCpO2yjP2k5:/p9Dxsm0GJPRNehNtGbQvtoD6Xa6poB5

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy (C2 domain list as extracted from the config; Formbook hides its real C2 among decoy domains that the sample also contacts, so a hit on any of these ties a host to this sample rather than proving the domain itself is malicious)

vinteligencia.com

displayfridges.fun

completetip.com

giallozafferrano.com

jizihao1.com

mysticheightstrail.com

fourseasonslb.com

kjnala.shop

mosiacwall.com

vandistreet.com

gracefullytouchedartistry.com

hbiwhwr.shop

mfmz.net

hrmbrillianz.com

funwarsztat.com

polewithcandy.com

ourrajasthan.com

wilhouettteamerica.com

johnnystintshop.com

asgnelwin.com

Targets

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service: it grabs form data and credentials from browsers and mail clients, logs keystrokes and the clipboard, and exfiltrates them to a C2 hidden among the decoy domains in its config. It typically runs from a process it has hollowed, which is what the SetThreadContext signature below reflects.

    • Formbook payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
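The two findings a responder would act on here are the config's domain list and the SetThreadContext behaviour. The block below is an added example (not part of the tria.ge report, of tria.ge, or of Formbook) that turns both into checks: a DNS-log matcher that handles subdomains without matching look-alike names, and a state machine that only flags SetThreadContext when it sits inside the full hollowing sequence (process created suspended, remote write, context set, thread resumed). The DNS log format, the API-trace record format and every log line are constructed for illustration; only the domain list is copied from the report.

```python
"""Hunting helpers derived from the indicators in this tria.ge report.

Added example; not part of the report, of tria.ge, or of Formbook.
The DNS log format, the API-trace record format and every log line
below are constructed for illustration. Only DECOY_DOMAINS is copied
from the report's extracted config.
"""
import re
from collections import defaultdict

# Copied verbatim from the report's "Decoy" list. Formbook contacts the
# decoys as well as its real C2, so a hit means "this host talked to a
# name from this sample's config", not "this domain is malicious".
DECOY_DOMAINS = frozenset({
    "vinteligencia.com", "displayfridges.fun", "completetip.com",
    "giallozafferrano.com", "jizihao1.com", "mysticheightstrail.com",
    "fourseasonslb.com", "kjnala.shop", "mosiacwall.com", "vandistreet.com",
    "gracefullytouchedartistry.com", "hbiwhwr.shop", "mfmz.net",
    "hrmbrillianz.com", "funwarsztat.com", "polewithcandy.com",
    "ourrajasthan.com", "wilhouettteamerica.com", "johnnystintshop.com",
    "asgnelwin.com",
})

# Constructed resolver log lines (not from the report).
SAMPLE_DNS_LOG = """\
2023-11-02T10:15:01Z client=10.0.0.12 query=www.completetip.com type=A
2023-11-02T10:15:02Z client=10.0.0.12 query=hbiwhwr.shop. type=A
2023-11-02T10:15:03Z client=10.0.0.44 query=mail.example.org type=MX
2023-11-02T10:15:04Z client=10.0.0.12 query=notmfmz.net type=A
"""

_QUERY_RE = re.compile(r"client=(\S+) query=(\S+)")


def _is_indicator(name, indicators):
    """True for an indicator or any subdomain of one, label by label, so
    'www.completetip.com' matches but the look-alike 'notmfmz.net' does not."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))


def dns_hits(log, indicators=DECOY_DOMAINS):
    """Return (client, queried_name) pairs whose name is in the config list."""
    hits = []
    for line in log.splitlines():
        m = _QUERY_RE.search(line)
        if m and _is_indicator(m.group(2), indicators):
            hits.append((m.group(1), m.group(2).rstrip(".")))
    return hits


CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed API-trace records (not from the report): (api, detail) as a
# sandbox might log them for one parent process. The second child shows a
# debugger-style SetThreadContext with no remote write, which must not fire.
SAMPLE_API_TRACE = [
    ("CreateProcessW", {"child_pid": 5012, "flags": CREATE_SUSPENDED}),
    ("WriteProcessMemory", {"target_pid": 5012}),
    ("SetThreadContext", {"target_pid": 5012}),
    ("ResumeThread", {"target_pid": 5012}),
    ("CreateProcessW", {"child_pid": 6100, "flags": CREATE_SUSPENDED}),
    ("SetThreadContext", {"target_pid": 6100}),
    ("ResumeThread", {"target_pid": 6100}),
]

# Steps after the suspended create, in the order they must appear.
_HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def hollowed_children(trace):
    """Return child PIDs that went through the full hollowing sequence:
    created suspended -> WriteProcessMemory -> SetThreadContext -> ResumeThread.
    SetThreadContext on its own (debuggers, some packers) is not reported."""
    progress = defaultdict(int)  # child_pid -> index of next expected step
    found = []
    for api, detail in trace:
        if api.startswith("CreateProcess") and detail.get("flags", 0) & CREATE_SUSPENDED:
            progress[detail["child_pid"]] = 0
            continue
        pid = detail.get("target_pid")
        if pid in progress and progress[pid] < len(_HOLLOW_STEPS) \
                and _HOLLOW_STEPS[progress[pid]] == api:
            progress[pid] += 1
            if progress[pid] == len(_HOLLOW_STEPS):
                found.append(pid)
    return found


if __name__ == "__main__":
    for client, name in dns_hits(SAMPLE_DNS_LOG):
        print(f"config domain resolved by {client}: {name}")
    for pid in hollowed_children(SAMPLE_API_TRACE):
        print(f"hollowing sequence completed against child pid {pid}")
```

The ordered-step check is what separates this from the raw "Suspicious use of SetThreadContext" signature: the sandbox rule fires on the call alone, which is why it is labelled suspicious rather than malicious, while the sequence above is specific enough to page on.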
