972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Cyber-Woofer.exe

windows10-1703-x64

Resubmissions

28/02/2024, 23:10

240228-25152agb38 10

28/02/2024, 23:07

240228-24bhzsga93 10

Sharing

General

Target

Cyber-Woofer.exe
Size

6.0MB
Sample

240228-24bhzsga93
MD5

0a0eff9e631e35601f07e712c0a08691
SHA1

4142a4d2cb2bc486a5483aeb23af8a8a834e0639
SHA256

972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0
SHA512

fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444
SSDEEP

98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX

Score

10^/10

evasion spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Cyber-Woofer.exe

Resource

win10-20240221-en

evasion spyware stealer upx

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Cyber-Woofer.exe
- Size
  
  6.0MB
- MD5
  
  0a0eff9e631e35601f07e712c0a08691
- SHA1
  
  4142a4d2cb2bc486a5483aeb23af8a8a834e0639
- SHA256
  
  972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0
- SHA512
  
  fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444
- SSDEEP
  
  98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX
Score

10^/10

evasion spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealerupx

© 2018-2025

Terms | Privacy