General

  • Target

    05a5c81fdc977faa60cdd7914e543316

  • Size

    660KB

  • Sample

    231229-2e5ersebgj

  • MD5

    05a5c81fdc977faa60cdd7914e543316

  • SHA1

    a6dab7def82d613ac9657f97feae55c1c87d8c8e

  • SHA256

    cba13febcc8a22b7d10f84d29e4b9c596796f4fb158c4ad9318deb5c822af13e

  • SHA512

    6d1e4de25d1f4c86fc394f06cdb9b5773a3f8bfbf32c532e647833a5e5808df701c717ab2cd2e14123966f52ed097abac45f8e36975bde4449d79a33fc4d79b8

  • SSDEEP

    12288:1Dp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXddM+5vRmZQc:edX5p/qA6BBVTu6Np8z1

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    dsnr

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
