General
-
Target
Cyber-Woofer.exe
-
Size
6.0MB
-
Sample
240228-25152agb38
-
MD5
0a0eff9e631e35601f07e712c0a08691
-
SHA1
4142a4d2cb2bc486a5483aeb23af8a8a834e0639
-
SHA256
972ed30e06111ccafbac7bd5305ead7cf350cf41d6c3135b573b6e1b0188ffc0
-
SHA512
fa66c2ce58eee5735c7735856a0ed6d86af4f92a55c4cc113401486c881bbd54e7fb7314c75f81bafab471e3ff6be78a5d31a73b23b32e1ab9fe979248261444
-
SSDEEP
98304:tGEtdFByfamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzegsRuGK4REBMb43J5sPTX:tlFMCeN/FJMIDJfagsAGK4REub5PTX
Static task
static1
Behavioral task
behavioral1
Sample
Cyber-Woofer.exe
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
Cyber-Woofer.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
<CD(�1�.pyc
Resource
win10-20240221-en
Behavioral task
behavioral4
Sample
<CD(�1�.pyc
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Cyber-Woofer.exe
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
<CD(�1�.pyc
-
Size
857B
-
MD5
b2a81738717918b7aa362517c6e2ed6f
-
SHA1
cd5262deb9d26150701d2a74b832f2f3b51d48ce
-
SHA256
383443e1ac449c4309a6e2704aa0c7d5f7a0f61a000ec366c308540af5609c86
-
SHA512
e68118f7dd744098d9c5be77035badaeae51965fe55bae120ad9c2ee25ee5ba3b918f55b911348e2f48deafbf40c8b75cdf48bced8cff9a87fac4338db802b09
-
Score
1/10