General

  • Target: ea2729d917d24f794e57dc27a5edbb6d_JaffaCakes118
  • Size: 305KB
  • Sample: 240918-2789esyclk
  • MD5: ea2729d917d24f794e57dc27a5edbb6d
  • SHA1: 4acbd39f6c95793feb9c7e52f256274aa8c02e80
  • SHA256: 184365416efed1893465d9c1dc0e59aab43f3b6dba54e7e51434ed240c43799b
  • SHA512: 8d9a5d455dbd4e71a5a642a2dff2701fb9fecde0c875e17980533496ae4d9adc845ea3bf930cb3c03c9bd455bc40d444f827b500bb185d99baceaf258ac26f96
  • SSDEEP: 6144:l+/8yFfrs5dxZaxISwaFuW+RikI0hRDfcdD6k2fRFtYbG3B1EVa7wchNHi7HrD/:l+/xFWdHaFj+RpI0bD0dDupFtYbGrqxr

Malware Config

Extracted

  • Family: formbook
  • Version: 3.8
  • Campaign: hx211
  • Decoy:

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Formbook payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
