General

  • Target

    993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe

  • Size

    635KB

  • Sample

    240220-gkyh7acc5w

  • MD5

    266b256a9d1e3e48d3e7f332d55808bc

  • SHA1

    fb3d7c13dc44c3cb476fd0a0f7fd3b377373e8d3

  • SHA256

    993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e

  • SHA512

    3bea81f5f96eae9abc8a6733c0220367e8664b2b2c15c4c663fa03fbf97663ec5becb2cfc3468c796757bfd33912880bd7900796b2da8f3387f629d2cbd606a3

  • SSDEEP

    12288:vSmPwRYnOELz89OW+pPqwABljLt2EnS3KrNLr8StEotSnFKIFN:vSmP0Y74uPqwABlHtzSaaSLSnsiN

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fr07

Decoy

considerateandrefrigerate.com

yuuki.academy

elizabethcaldwellportfolio.com

kegdol.xyz

wecommerce.one

4018mlp.com

nirng8u.online

techmalabar.com

hm885.com

lacademiedespossibles.com

sungnamdobae.com

aldardasha.website

tvkvijay.support

subpreschoolteacher.com

revolutionstealth.com

rtpindo1.store

healingsensationscbd.com

digitalmakeads.cloud

vlascosupplies.com

trautwen.com

Targets

    • Target

      993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks