Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
nebulawoofer.exe
-
Size
7.5MB
-
Sample
230829-ecw92shh23
-
MD5
2ed2b0c239657e30770e313fcf961f4b
-
SHA1
7f89b960b3ff4f0bb7e741bdd24979cf7389c730
-
SHA256
1a822663ff69e7d8646216ef5b33444d82fb2608d241598330b197cd383a2497
-
SHA512
479f36e6d2e4b9f0e8d457dfc0560dfc456b16a961c00b4381e13df4f92a6b3d2db6f638d11b015502ad695355037c3a139db86545a7cb88a50ed1f71f6d80e8
-
SSDEEP
196608:Ykseg9qoZKydna2ikJtNH35oJyxkGCzNGogikA3:YGg9qohdnxlJtN35oMxkPzXgikA3
Static task
static1
Malware Config
Targets
-
-
Target
nebulawoofer.exe
-
Size
7.5MB
-
MD5
2ed2b0c239657e30770e313fcf961f4b
-
SHA1
7f89b960b3ff4f0bb7e741bdd24979cf7389c730
-
SHA256
1a822663ff69e7d8646216ef5b33444d82fb2608d241598330b197cd383a2497
-
SHA512
479f36e6d2e4b9f0e8d457dfc0560dfc456b16a961c00b4381e13df4f92a6b3d2db6f638d11b015502ad695355037c3a139db86545a7cb88a50ed1f71f6d80e8
-
SSDEEP
196608:Ykseg9qoZKydna2ikJtNH35oJyxkGCzNGogikA3:YGg9qohdnxlJtN35oMxkPzXgikA3
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-