Resubmissions

28/02/2024, 23:10

240228-25152agb38 10

28/02/2024, 23:07

240228-24bhzsga93 10

General

  • Target

    Cyber-Woofer.exe

  • Size

    6.0MB

  • Sample

    240228-24bhzsga93

  • MD5

    0a0eff9e631e35601f07e712c0a08691

  • SHA1

    4142a4d2cb2bc486a5483aeb23af8a8a834e0639

  • SHA256

    972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0

  • SHA512

    fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444

  • SSDEEP

    98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX

Malware Config

Targets

    • Target

      Cyber-Woofer.exe

    • Size

      6.0MB

    • MD5

      0a0eff9e631e35601f07e712c0a08691

    • SHA1

      4142a4d2cb2bc486a5483aeb23af8a8a834e0639

    • SHA256

      972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0

    • SHA512

      fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444

    • SSDEEP

      98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all antivirus definitions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks