General

  • Target

    143b80f264153a0a77ee599f2806702f_JaffaCakes118

  • Size

    492KB

  • Sample

    240504-yktnnshb5t

  • MD5

    143b80f264153a0a77ee599f2806702f

  • SHA1

    bce954b1509a8fb595ec06e21ff51561026f8e4d

  • SHA256

    b1a84ffa5466f9eaa0c03eec38370ec5451c92c0acc7e432c3f60a6ee7b322a0

  • SHA512

    1035871c053f9990a926725943d35906b0f2d8f29f7acd8473fa19c21eb392e3bac585742236c9c2dfd21f80a2dc4f679db5c947d5bab896bfcaf3cabe4cb019

  • SSDEEP

    6144:fSti4jd0sf5VB2t4BMGMOzOUyeoya+FhuBW:fSti4Sit53MOzOveTaO8BW

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.9

  • Campaign

    sl

  • Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
