General

  • Target

    94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9.exe

  • Size

    611KB

  • Sample

    240213-dyfnrafg8w

  • MD5

    cf7fc3ae06a494c5659daa2a66971e8c

  • SHA1

    b4cb522e9da268a729e6e685557d45b8fba9e4c5

  • SHA256

    94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9

  • SHA512

    d01e35f0b1e9074da9c1318f90d983624a4fc5c3c6343aa69cfe76b9605354b9361d84c6c27d116ca8b083ca6b044994d37d45deac37f9631ff3b4f45121db0d

  • SSDEEP

    12288:WxEd6SeObnbNfoY6XSLpy1AUngsREeSS99SFc4BK8kP84tqkK:Wxc3bbNfoYcSLp2AUn/FTSF9fc84v

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pz08

Decoy

deespresence.com

fanyablack.com

papermoonnursery.com

sunriseclohting.store

jenstandsforarkansas.com

lkhtalentconsulting.com

baerana.com

hyperphit.com

davidianbrant.com

itkagear.com

web-findmy.site

liveforwardventures.com

skyenglearn.online

studio-sticky.store

yassa-hany.online

tacoshack479.com

bigtexture.xyz

erxkula.shop

go-bloggers.com

qwdlwys.site

Targets

    • Target

      94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks