General

  • Target

    246284cbcfe1cb851bada6dd84b70e80_JaffaCakes118

  • Size

    254KB

  • Sample

    241008-ydm8baydqn

  • MD5

    246284cbcfe1cb851bada6dd84b70e80

  • SHA1

    1cba6dcea6d3ddf86438c3107d38620a52ca1417

  • SHA256

    20b597d93eb4d2b2bc15ff25aebb0d171918f99047c31f6eb728833967c8c37f

  • SHA512

    30553c9438443932f52897c0a8833ec86e37a9e256ab13b3102bda51346b12bb561718fc1d570a091d64beae4527f41f9b5c709b990c35c52472c32d067b478e

  • SSDEEP

    6144:cHELyizo4hTiZM9bCQUO0NAMlfmptut/AKkkBBiQd/PE:c7is4UZ3NxlSiYKPMQJM

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ckvl

Decoy

Targets

    • Target

      246284cbcfe1cb851bada6dd84b70e80_JaffaCakes118

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext
