General

  • Target

    22ca610098805557434a4b2810329689.bin

  • Size

    1.9MB

  • Sample

    231117-bqklmacg73

  • MD5

    2fedbdc13c6236b00d913c02253bfd86

  • SHA1

    bd2926f72ef483023823882bbfa989417ea649d7

  • SHA256

    127e769d7c6587fed646fe52712032fcd483df248fa23c81614bbccf3a534279

  • SHA512

    0047d542c301d0117d4aad7336b97b0cbd2199d961172ef7fefc59b99d40fae795b94fb19be1832bf0179baac8b35783558e6bfe4a93695220c95d32310b35e1

  • SSDEEP

    49152:oMvW4a0Gc2A30kPd7FP2HAyfdjxz8hcsNh3:hW4a/c2A3LF1AAifzaH3

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    tb8i

  • Decoy

    097jz.com

    physium.net

    sherwoodsubnet.com

    scbaya.fun

    us2048.top

    danlclmn.com

    starsyx.com

    foxbox-digi.store

    thefishermanhouse.com

    salvanandcie.com

    rykuruh.cfd

    gelaoguan.net

    petar-gojun.com

    coandcompanyboutique.com

    decentralizedcryptos.com

    ecuajet.net

    livbythebeach.com

    cleaning-services-33235.bond

    free-webbuilder.today

    pussypower.net

Targets

    • Target

      ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335.xlsx

    • Size

      1.9MB

    • MD5

      22ca610098805557434a4b2810329689

    • SHA1

      23cf1f231d4b1a53416c3f72accbe8e21b4b1fc3

    • SHA256

      ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335

    • SHA512

      a333f8b243c5482302857834f185d934dc6f149b587e40ae41fc30e61936f0fb4c55d0c543f590dcf714fc688abfb018655c86c1e2c10d8ead393ec66b06e910

    • SSDEEP

      49152:0kVgTbHTs6oLbLvnlfRzlPlJfhQKyd2jgC0c+QXjI2yD:2TzTdoLbLvFRzljJed21+yjIB

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks