General
Target: Cyber-Woofer.exe
Size: 6.0MB
Sample: 240228-24bhzsga93
MD5: 0a0eff9e631e35601f07e712c0a08691
SHA1: 4142a4d2cb2bc486a5483aeb23af8a8a834e0639
SHA256: 972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0
SHA512: fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444
SSDEEP: 98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX
Static task
static1
Malware Config
Targets
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.