General

  • Target

    024aa4a117fa7c5952577b1e904510e09c0e048a7bfaf320fcbdb4f309c41ba5

  • Size

    550KB

  • Sample

    231103-c13evscg46

  • MD5

    6981fc2102b4a2e0f959b202df182f8a

  • SHA1

    9d4ec84685c8fe4fdceaff7aaedd69aafef9b3ad

  • SHA256

    024aa4a117fa7c5952577b1e904510e09c0e048a7bfaf320fcbdb4f309c41ba5

  • SHA512

    af9ce535fb69b0dfe96c5872e8a8191b964ffe9693334ea4943638daadd2984b98bb8f34040de97f0dc99cb7709b9327ef06024b98e8620c1397cbe6fb0c11ec

  • SSDEEP

    12288:hIkqVKSUD29C8S0EoQiJDPDTcqAvMZrjZqJ+OG24MifHit6xn3o:hIkqVQR68iJDP8qHrjX+Nk

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    o6g2

  • Decoy


Targets

    • Target

      024aa4a117fa7c5952577b1e904510e09c0e048a7bfaf320fcbdb4f309c41ba5

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
