General

  • Target

    93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f.exe

  • Size

    680KB

  • Sample

    240711-b7zrwavbmg

  • MD5

    207011f0f9e2d8c3ef2d256aa44286b7

  • SHA1

    32239c8cdcbc135cadbccfa0ca93312e6a9a8e71

  • SHA256

    93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f

  • SHA512

    7083c82523316980514e9b615e349b3018605f2e02388fb259607248f0f40fa506e279e38fa7d6b8d8249c49f6cc5d9006b2d78b504512ad9ef8106493bb987c

  • SSDEEP

    12288:1Vwp0xC0kU60d7djPR7SCVlxVaPi0xAbY/uVHCJ+yTZ:vwpECfedjPR7SElxVii4AbY/ulMT

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

45er

Decoy

depotpulsa.com

k2bilbao.online

bb4uoficial.com

rwc666.club

us-pservice.cyou

tricegottreats.com

zsystems.pro

qudouyin6.com

sfumaturedamore.net

pcetyy.icu

notbokin.online

beqprod.tech

flipbuilding.com

errormitigationzoo.com

zj5u603.xyz

jezzatravel.com

zmdniavysyi.shop

quinnsteele.com

522334.com

outdoorshopping.net

Targets

    • Target

      93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f.exe

    • Formbook

      Formbook is an information-stealing malware family: it hooks browser and application input (form grabbing), logs keystrokes and clipboard contents, and harvests stored credentials, then reports to its C2. The extracted config lists many domains, of which only one is the live C2; the rest are decoys the implant also contacts to disguise real beaconing, so the domains above should be treated as indicators in bulk rather than individually attributed.

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check: the sample can refuse to run, or behave differently, when the host's locale matches a list of excluded countries, which also means the sandbox's locale influences what is observed.

    • Suspicious use of SetThreadContext

      Typically seen when a loader injects into and hollows a freshly created process: the target process is started suspended, its image is replaced, and SetThreadContext redirects its main thread to the injected code before it is resumed.
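The following PowerShell is an added triage example, not part of the tria.ge report or the sample's own code. It covers two of the behaviours flagged above on a suspect Windows host: it dumps the current Defender exclusions and the Defender configuration-change events (event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log) that an `Add-MpPreference` call leaves behind, and it reads the registry locale values a geofence check would consult. The exclusion path in the removal comment is hypothetical; which `Geo` values are present varies by Windows version.

```powershell
# Added example: host-side checks for the "PowerShell modifies Defender settings"
# and "Checks computer location settings" behaviours. Run in an elevated
# PowerShell on the host under investigation.

# --- 1. Defender exclusions -----------------------------------------------
# Loaders of this kind add exclusions with Add-MpPreference -ExclusionPath,
# -ExclusionExtension and -ExclusionProcess. List what is currently set.
$pref = Get-MpPreference
[pscustomobject]@{
    Paths      = $pref.ExclusionPath
    Extensions = $pref.ExclusionExtension
    Processes  = $pref.ExclusionProcess
} | Format-List

# Defender logs event ID 5007 whenever a configuration value changes; new
# exclusions appear in the message as ...\Windows Defender\Exclusions\... keys.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -MaxEvents 100 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message |
    Format-List

# If script block logging is enabled, the Add-MpPreference invocation itself is
# recorded as event ID 4104 in the PowerShell Operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Add-MpPreference' } |
    Select-Object TimeCreated, Message |
    Format-List

# To remove an exclusion the malware planted (hypothetical path):
# Remove-MpPreference -ExclusionPath 'C:\Users\Public\dropped'

# --- 2. Locale values consulted by a geofence check -----------------------
# The geographic settings live under HKCU\Control Panel\International.
# 'Nation' is the numeric GeoID; newer builds also store a two-letter 'Name'.
Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' |
    Select-Object Nation, Name

Get-ItemProperty -Path 'HKCU:\Control Panel\International' |
    Select-Object LocaleName, sCountry, sLanguage
```

When reproducing the sample in a sandbox, the second section is the setting to vary: a locale the malware excludes will produce a run with none of the stealer behaviour listed above, which is easy to misread as a benign sample.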

MITRE ATT&CK Enterprise v15

Tasks