General

  • Target

    Howl.exe

  • Size

    6.8MB

  • Sample

    240309-kc8wqsfa9v

  • MD5

    84712b72b66be083fb0c8e54bbcb436b

  • SHA1

    bf61a57ce268c925ce5752b8d286683c724f248f

  • SHA256

    5c50836734a697432d681edd8f8cff7cd4761342e5fb4e2247d03f3a613c5391

  • SHA512

    367e1fff8960ee47591eb2225ba519f71cbf210f29a5e199fe187e3ddc3a899354a84b68bdcb4835e856dd6c66baf2b572913668b4000fe84910dcc09384716b

  • SSDEEP

    98304:RcZkwN+MdA5wqMu8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoeZDJ1n6hBnLnW:RYV1BB6ylnlPzf+JiJCsmFMvNn6hVvTm

Malware Config

Targets

    • Target

      Howl.exe

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks