General

  • Target

    Quotation.exe

  • Size

    696KB

  • Sample

    240604-g8wz9sgb3y

  • MD5

    1701c039722e0ba1cc8876b22bc371f7

  • SHA1

    4b0827c74ec83a5c5db429d36d095d3f7d14d8a5

  • SHA256

    5f811c57872e95387829dbd3addf6e27bbf3bcbcc388354ea19d41ed1b5bd8de

  • SHA512

    baa1cb4fea71fea989998b40c7fc61df73e967d3eae4af3000143a51bd195659b1295c9573a2ce4b7f1bf7810907305dd5e2826dd3fad887b7103546c224d5ce

  • SSDEEP

    12288:u7kpO8mUKNr+uf5Z3g7Gj1/TTwYmbHNbAHUkZJ1bfQ+Ruf0MTGLjcTb:G82Cuf5ZQ7GjpTTwAJhQ+RFeZ

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    mw62

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext