General

  • Target

    RFQ # PC25-1301.xlsx

  • Size

    1.8MB

  • Sample

    250114-gc411azqfn

  • MD5

    0792874afc518221f07574f95f43f5ef

  • SHA1

    a4d7f0552e1fff852db8b27e1409bdbf4bc46244

  • SHA256

    161e3b6200af955772e00be88646b3c6332faca2e9867eedd9c41cc5a1b62876

  • SHA512

    67896688ea410a2af33d3936dbf913e6b1941f826dc40cbe1bf29f96a0b8dc4b1595f7d1e74738de2bc891006f3327616a7f607d0adc077d62ac4a380f3e1d5b

  • SSDEEP

    49152:kTiDS2iZYJTg+uFfcdD+3GkdQFzhccnYmmAQd2:kmugO+6fV3GkdQdnhR

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hwu6

Decoy

lf758.vip

locerin-hair.shop

vytech.net

pet-insurance-intl-7990489.live

thepolithat.buzz

d66dr114gl.bond

suv-deals-49508.bond

job-offer-53922.bond

drstone1.click

lebahsemesta57.click

olmanihousel.shop

piedmontcsb.info

trisula888x.top

66sodovna.net

dental-implants-83810.bond

imxtld.club

frozenpines.net

ffgzgbl.xyz

tlc7z.rest

alexismuller.design
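The extracted config is the operational payoff of this report: Formbook beacons to its real C2 mixed in with the decoy domains listed above, so a hit on any of them from a host is worth alerting on, and the campaign tag (hwu6) is what ties this sample to sibling samples. The script below is an added example, not part of the Triage page: it loads the report's decoy list and file hashes as indicators and runs them over a few constructed proxy log lines in a hypothetical key=value format. Matching is done on the registered name and its subdomains, case-insensitively and tolerating a trailing DNS dot, while rejecting look-alike hosts that merely end in the same characters.

```python
import re

# Indicators copied from the Triage report above (Malware Config section).
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "hwu6",
    "decoy": [
        "lf758.vip", "locerin-hair.shop", "vytech.net",
        "pet-insurance-intl-7990489.live", "thepolithat.buzz",
        "d66dr114gl.bond", "suv-deals-49508.bond", "job-offer-53922.bond",
        "drstone1.click", "lebahsemesta57.click", "olmanihousel.shop",
        "piedmontcsb.info", "trisula888x.top", "66sodovna.net",
        "dental-implants-83810.bond", "imxtld.club", "frozenpines.net",
        "ffgzgbl.xyz", "tlc7z.rest", "alexismuller.design",
    ],
}

# File hashes of the sample, copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "0792874afc518221f07574f95f43f5ef",
    "sha1": "a4d7f0552e1fff852db8b27e1409bdbf4bc46244",
    "sha256": "161e3b6200af955772e00be88646b3c6332faca2e9867eedd9c41cc5a1b62876",
}

# Hypothetical log format for the example: space-separated key=value tokens.
KV_TOKEN = re.compile(r"(\w+)=(\S+)")


def normalize_host(host):
    """Lower-case, drop a trailing FQDN dot and any :port suffix."""
    host = host.strip().lower().rstrip(".")
    if ":" in host:
        host = host.split(":", 1)[0]
    return host


def host_matches(host, domains):
    """Return the indicator that `host` equals or is a subdomain of, else None.

    The "." + d check is what stops notlf758.vip from matching lf758.vip.
    """
    h = normalize_host(host)
    for d in domains:
        d = d.lower()
        if h == d or h.endswith("." + d):
            return d
    return None


def scan_log(lines):
    """Yield (client, reason) for every line touching a decoy domain or the sample's hash."""
    hits = []
    for line in lines:
        fields = dict(KV_TOKEN.findall(line))
        reason = None
        host = fields.get("host")
        if host:
            d = host_matches(host, FORMBOOK_CONFIG["decoy"])
            if d:
                reason = f"decoy domain {d}"
        for algo, value in SAMPLE_HASHES.items():
            if fields.get(algo, "").lower() == value:
                reason = f"{algo} matches sample"
        if reason:
            hits.append((fields.get("client", "?"), reason))
    return hits


# Constructed sample log lines (not from the report): two decoy contacts,
# one benign host, one look-alike that must not match, one hash sighting.
SAMPLE_LOG = [
    "ts=2025-01-14T10:02:11Z client=10.0.0.5 host=www.lf758.vip path=/",
    "ts=2025-01-14T10:02:12Z client=10.0.0.5 host=login.microsoftonline.com path=/",
    "ts=2025-01-14T10:02:13Z client=10.0.0.5 host=notlf758.vip path=/",
    "ts=2025-01-14T10:02:14Z client=10.0.0.7 host=DRSTONE1.CLICK. path=/",
    "ts=2025-01-14T10:03:00Z client=10.0.0.9 sha256="
    "161e3b6200af955772e00be88646b3c6332faca2e9867eedd9c41cc5a1b62876",
]

if __name__ == "__main__":
    for client, reason in scan_log(SAMPLE_LOG):
        print(f"{client}: {reason}")
```

Decoy entries in a Formbook config can be ordinary registered domains, so a single domain hit is a lead to triage against the rest of the chain in this report (the dropped AutoIt executable, the SetThreadContext injection) rather than a conviction on its own; the hash matches are exact and can be acted on directly.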

Targets

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs form submissions and stored credentials from browsers and mail clients, captures clipboard contents and screenshots, and exfiltrates the collected data to its command-and-control server.

    • Formbook family

    • Formbook payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks