General

  • Target

    Confirm!!.rar

  • Size

    702KB

  • Sample

    231112-tx3d5agg7t

  • MD5

    4662d7133528bf980c6b1f6a7865b0c9

  • SHA1

    76ed3f2e80b0520a4d6f38537319e8e85650d5e8

  • SHA256

    79115213cd51631d50fdd6d76f5d5825017ff0f01e7c8a0f4d72e1c626d912dd

  • SHA512

    d30b2dbdf0e02575cb48d044a0d9fb6b0d72a3444b8359252697c17e8fd5e7117ab2bb582ecb1eb9930d8b4a465909f3539139d444200eea1e0fe2b2e09f3c46

  • SSDEEP

    12288:2kY0iXbGG8SH0dJQ4DbqpYJpzE9d7QmcMMFe3uC8kTKC7Pzvl81UleDtxeFTc9z8:2kY0kGGh0zLiBKMIe34crzvozRxeFA8

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he2a

Decoy

connectioncompass.store

zekicharge.com

dp77.shop

guninfo.guru

mamaeconomics.net

narcisme.coach

redtopassociates.com

ezezn.com

theoregondog.com

pagosmultired.online

emsculptcenterofne.com

meet-friends.online

pf326.com

wealthjigsaw.xyz

arsajib.com

kickassholdings.online

avaturre.biz

dtslogs.com

lb92.tech

pittalam.com
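The twenty domains above come straight out of the extracted Formbook configuration. Formbook configs embed a list of domains of which most are decoys, and an infected host contacts several of them alongside the real C2, so the whole list is worth hunting for. The following is an added example, not part of the tria.ge report or of any Formbook tooling: it matches DNS and proxy entries against the list (exact host or any subdomain, never a bare substring) and, for HTTP entries, also flags requests whose first path segment is the campaign tag `he2a`. The log format and the log lines are constructed for the example; real data will need its own parser.

```python
import re
from urllib.parse import urlsplit

# Decoy/C2 domains copied from the extracted config on this page.
DECOY_DOMAINS = {
    "connectioncompass.store", "zekicharge.com", "dp77.shop", "guninfo.guru",
    "mamaeconomics.net", "narcisme.coach", "redtopassociates.com", "ezezn.com",
    "theoregondog.com", "pagosmultired.online", "emsculptcenterofne.com",
    "meet-friends.online", "pf326.com", "wealthjigsaw.xyz", "arsajib.com",
    "kickassholdings.online", "avaturre.biz", "dtslogs.com", "lb92.tech",
    "pittalam.com",
}
CAMPAIGN = "he2a"  # campaign tag from the extracted config


def normalize_host(value):
    """Lower-case a host, strip a trailing dot or :port, or pull the host out of a URL."""
    value = value.strip().lower().rstrip(".")
    if "://" in value:
        value = urlsplit(value).hostname or ""
    if re.search(r":\d+$", value):
        value = value.rsplit(":", 1)[0]
    return value


def match_domain(host):
    """Return the config domain that host equals or is a subdomain of, else None."""
    host = normalize_host(host)
    for domain in DECOY_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def match_url(url):
    """For a URL on a config domain, report the domain and whether the first
    path segment is the campaign tag. Returns None for unrelated hosts."""
    parts = urlsplit(url.strip())
    domain = match_domain(parts.hostname or "")
    if domain is None:
        return None
    path = parts.path.strip("/")
    first_segment = path.split("/")[0] if path else ""
    return {"domain": domain, "campaign_path": first_segment == CAMPAIGN}


# Constructed log format for this example: "<timestamp> <client> dns <qname>"
# or "<timestamp> <client> http <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>dns|http)\s+(?P<value>\S+)")


def scan_log(lines):
    """Return one hit dict per log line that touches a config domain."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["kind"] == "dns":
            domain = match_domain(m["value"])
            if domain:
                hits.append({"line": lineno, "src": m["src"], "kind": "dns",
                             "domain": domain, "campaign_path": None})
        else:
            result = match_url(m["value"])
            if result:
                hits.append({"line": lineno, "src": m["src"], "kind": "http", **result})
    return hits


# Constructed sample log lines (not taken from the sandbox run).
SAMPLE_LOG = [
    "2023-11-12T14:30:01Z 10.0.0.15 dns www.zekicharge.com",
    "2023-11-12T14:30:02Z 10.0.0.15 http http://www.zekicharge.com/he2a/?oL=abc123",
    "2023-11-12T14:30:05Z 10.0.0.15 dns notdp77.shop",
    "2023-11-12T14:30:09Z 10.0.0.22 dns dp77.shop.",
    "2023-11-12T14:30:10Z 10.0.0.22 http http://pf326.com/update/check",
    "2023-11-12T14:31:00Z 10.0.0.31 dns example.com",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Line 3 (`notdp77.shop`) is deliberately not a hit: suffix matching without the dot boundary would flag it, which is the usual false positive when a decoy list is turned into a blunt substring rule. A hit on the campaign path is the stronger signal; a DNS lookup alone can be a benign visit to a decoy that is also a legitimate site.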

Targets

    • Target

      Confirm!!.exe

    • Size

      909KB

    • MD5

      63f2ae7b89ae6bfad8ee75885b92ab2d

    • SHA1

      4761dc770d4e7259137bf74d52285bf5f46d068a

    • SHA256

      bb8548a744cd648172b769babfe7fb42aec25bc35e812f491af41d31c4c92d13

    • SHA512

      10c84ab1a412fff41d76b3244d852413bb5952720c6ed310d7f6c3689c0191bf678e2d11846bcd3716ce4243f9672c1fdabb458081c5c8cacb53dce53b9d5f3a

    • SSDEEP

      12288:3QZPC78Xxgjmqdd3ryMQD3EtX7rPK5Juy2fA/Ft795l0umvv:3QK8Xqj3B5Xa0st55lBm

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and sends the results to its C2 infrastructure.

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext
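Before working with either artifact from this report, check that the file in hand is the one the report describes. The script below is an added example, not tria.ge code: it carries the MD5, SHA1, SHA256 and SHA512 values listed above for both the archive and the executable, hashes a file once with all four digests, and reports each mismatch. SSDEEP is not available in `hashlib` and is not checked here; the command-line usage at the bottom and the file paths are assumptions for illustration.

```python
import hashlib
import sys

# Digests copied from the report for the archive and the executable inside it.
REPORTED = {
    "Confirm!!.rar": {
        "md5": "4662d7133528bf980c6b1f6a7865b0c9",
        "sha1": "76ed3f2e80b0520a4d6f38537319e8e85650d5e8",
        "sha256": "79115213cd51631d50fdd6d76f5d5825017ff0f01e7c8a0f4d72e1c626d912dd",
        "sha512": "d30b2dbdf0e02575cb48d044a0d9fb6b0d72a3444b8359252697c17e8fd5e7117ab2bb582ecb1eb9930d8b4a465909f3539139d444200eea1e0fe2b2e09f3c46",
    },
    "Confirm!!.exe": {
        "md5": "63f2ae7b89ae6bfad8ee75885b92ab2d",
        "sha1": "4761dc770d4e7259137bf74d52285bf5f46d068a",
        "sha256": "bb8548a744cd648172b769babfe7fb42aec25bc35e812f491af41d31c4c92d13",
        "sha512": "10c84ab1a412fff41d76b3244d852413bb5952720c6ed310d7f6c3689c0191bf678e2d11846bcd3716ce4243f9672c1fdabb458081c5c8cacb53dce53b9d5f3a",
    },
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """All four digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path, chunk_size=1 << 20):
    """Read the file once, feeding each chunk to all four digests."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual, expected):
    """Map each reported algorithm to (matches, expected_hex, actual_hex).
    Comparison is case-insensitive on the reported side."""
    return {
        name: (actual.get(name) == value.lower(), value.lower(), actual.get(name))
        for name, value in expected.items()
    }


def verify_sample(path, report_name):
    """True only when every digest listed for report_name matches the file."""
    result = compare(digest_file(path), REPORTED[report_name])
    return all(ok for ok, _, _ in result.values()), result


if __name__ == "__main__":
    # Assumed usage: python verify.py ./Confirm!!.exe "Confirm!!.exe"
    file_path, name = sys.argv[1], sys.argv[2]
    ok, result = verify_sample(file_path, name)
    for algo, (match, exp, act) in result.items():
        print(f"{algo:7} {'OK  ' if match else 'FAIL'} expected={exp} actual={act}")
    sys.exit(0 if ok else 1)
```

A single mismatching digest is enough to reject the file: a sample that matches MD5 but not SHA256 is not a partial match, it is a different file (or a tampered report).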

MITRE ATT&CK Enterprise v15

Tasks