General

  • Target

    nebulawoofer.exe

  • Size

    7.5MB

  • Sample

    230829-ecw92shh23

  • MD5

    2ed2b0c239657e30770e313fcf961f4b

  • SHA1

    7f89b960b3ff4f0bb7e741bdd24979cf7389c730

  • SHA256

    1a822663ff69e7d8646216ef5b33444d82fb2608d241598330b197cd383a2497

  • SHA512

    479f36e6d2e4b9f0e8d457dfc0560dfc456b16a961c00b4381e13df4f92a6b3d2db6f638d11b015502ad695355037c3a139db86545a7cb88a50ed1f71f6d80e8

  • SSDEEP

    196608:Ykseg9qoZKydna2ikJtNH35oJyxkGCzNGogikA3:YGg9qohdnxlJtN35oMxkPzXgikA3

Score
8/10

Malware Config

Targets

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks