General
Target: Howl.exe
Size: 6.8MB
Sample: 240309-kc8wqsfa9v
MD5: 84712b72b66be083fb0c8e54bbcb436b
SHA1: bf61a57ce268c925ce5752b8d286683c724f248f
SHA256: 5c50836734a697432d681edd8f8cff7cd4761342e5fb4e2247d03f3a613c5391
SHA512: 367e1fff8960ee47591eb2225ba519f71cbf210f29a5e199fe187e3ddc3a899354a84b68bdcb4835e856dd6c66baf2b572913668b4000fe84910dcc09384716b
SSDEEP: 98304:RcZkwN+MdA5wqMu8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoeZDJ1n6hBnLnW:RYV1BB6ylnlPzf+JiJCsmFMvNn6hVvTm
Malware Config
Targets
Target: Howl.exe
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.