General

  • Target

    Invoice No.24DF-55553 [EFL].exe

  • Size

    1.1MB

  • Sample

    241002-nqgaesxgpg

  • MD5

    8caad42143f533bde62f170aa19e30c9

  • SHA1

    79ba95ce19503756f834c4af477a81723ccedf4a

  • SHA256

    bafacac035e304436d77c218e213c0e6a96414e634abca26f5b2c5dd1c401da3

  • SHA512

    fd08d305fa07ddb7f0ef051d10c4c64e6d82692e1a7a3e7239ddf604f2769991d940e7964eacbb8546ecc849a80a7c5df54ae317a6d438361e138ac7c87073db

  • SSDEEP

    24576:NfmMv6Ckr7Mny5QNJBaeOUpnbyM41MdVzwk:N3v+7/5QNJWsGtMb

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    e62s

Decoy


Targets

    • Target

      Invoice No.24DF-55553 [EFL].exe

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
