Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Cyber-Woofer.exe

windows10-1703-x64

10

Cyber-Woofer.exe

windows10-2004-x64

7

<CD(�1�.pyc

windows10-1703-x64

<CD(�1�.pyc

windows10-2004-x64

Resubmissions

28/02/2024, 23:10

240228-25152agb38 10

28/02/2024, 23:07

240228-24bhzsga93 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cyber-Woofer.exe

  • Size

    6.0MB

  • Sample

    240228-25152agb38

  • MD5

    0a0eff9e631e35601f07e712c0a08691

  • SHA1

    4142a4d2cb2bc486a5483aeb23af8a8a834e0639

  • SHA256

    972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0

  • SHA512

    fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444

  • SSDEEP

    98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX

Score
10/10
evasionspywarestealerupx

Malware Config

Targets

    • Target

      Cyber-Woofer.exe

    • Size

      6.0MB

    • MD5

      0a0eff9e631e35601f07e712c0a08691

    • SHA1

      4142a4d2cb2bc486a5483aeb23af8a8a834e0639

    • SHA256

      972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0

    • SHA512

      fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444

    • SSDEEP

      98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX

    Score
    10/10
    evasionspywarestealerupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      <CD(�1�.pyc

    • Size

      857B

    • MD5

      b2a81738717918b7aa362517c6e2ed6f

    • SHA1

      cd5262deb9d26150701d2a74b832f2f3b51d48ce

    • SHA256

      383443e1ac449c4309a6e2704aa0c7d5f7a0f61a000ec366c308540af5609c86

    • SHA512

      e68118f7dd744098d9c5be77035badaeae51965fe55bae120ad9c2ee25ee5ba3b918f55b911348e2f48deafbf40c8b75cdf48bced8cff9a87fac4338db802b09

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks