Overview (score 10)
Static (score 7)

Per-task scores
  Badware Wo...ee.exe   windows7-x64         5
  Badware Wo...ee.exe   windows10-2004-x64   5
  Badware Wo...er.bat   windows7-x64         1
  Badware Wo...er.bat   windows10-2004-x64   1
  Badware Wo...er.exe   windows7-x64         9
  Badware Wo...er.exe   windows10-2004-x64   9
  Badware Wo...EL.exe   windows7-x64         9
  Badware Wo...EL.exe   windows10-2004-x64   9
  Badware Wo...er.exe   windows7-x64         10
  Badware Wo...er.exe   windows10-2004-x64   10
  Badware Wo...er.exe   windows7-x64         10
  Badware Wo...er.exe   windows10-2004-x64   10
  Badware Wo...er.exe   windows7-x64         9
  Badware Wo...er.exe   windows10-2004-x64   9
  Badware Wo...er.bat   windows7-x64         8
  Badware Wo...er.bat   windows10-2004-x64   8
  Badware Wo...er.bat   windows7-x64         1
  Badware Wo...er.bat   windows10-2004-x64   1
  Badware Wo...er.exe   windows7-x64         7
  Badware Wo...er.exe   windows10-2004-x64   10
  Badware Wo...ol.bat   windows7-x64         8
  Badware Wo...ol.bat   windows10-2004-x64   8

General
  Target: Badware Woofer.rar
  Size: 19.8MB
  Sample: 241112-jgx5cs1lbm
  MD5: 7dd73a470668736904a23a978c970e23
  SHA1: 365c1aeca7c531804edde2d6ba30732b4f921d9f
  SHA256: a5cc8e6cb314a16986ad99066295f45622199ad94f93bb579cc5c74570783678
  SHA512: 1ac86ebd446b6e8c6984f48744e10bedb825e79467eac49e550564b90647a43cae4fccd13efce7ddc37db224979421ca39c3b395c9a7fa1ad1fe2ba281279328
  SSDEEP: 393216:CvBzcXuOaFlGZNQ9Ef8FGHBnXwn1vi0oUSxwIDBM4+DAlZYrWqSAh4Ax:g9bRzva8UHpgpmUSxwIp+DSYrWq/zx
Behavioral tasks (task: sample, resource)
  behavioral1: Badware Woofer/BadwareFree.exe, win7-20240708-en
  behavioral2: Badware Woofer/BadwareFree.exe, win10v2004-20241007-en
  behavioral3: Badware Woofer/Serials_Checker.bat, win7-20240903-en
  behavioral4: Badware Woofer/Serials_Checker.bat, win10v2004-20241007-en
  behavioral5: Badware Woofer/cleaners/AppleCleaner.exe, win7-20240903-en
  behavioral6: Badware Woofer/cleaners/AppleCleaner.exe, win10v2004-20241007-en
  behavioral7: Badware Woofer/cleaners/AppleS5-DEL.exe, win7-20240903-en
  behavioral8: Badware Woofer/cleaners/AppleS5-DEL.exe, win10v2004-20241007-en
  behavioral9: Badware Woofer/cleaners/BadwareCleaner.exe, win7-20241010-en
  behavioral10: Badware Woofer/cleaners/BadwareCleaner.exe, win10v2004-20241007-en
  behavioral11: Badware Woofer/cleaners/BadwareDeepCleaner.exe, win7-20240903-en
  behavioral12: Badware Woofer/cleaners/BadwareDeepCleaner.exe, win10v2004-20241007-en
  behavioral13: Badware Woofer/cleaners/EventCleaner.exe, win7-20240903-en
  behavioral14: Badware Woofer/cleaners/EventCleaner.exe, win10v2004-20241007-en
  behavioral15: Badware Woofer/cleaners/Fivem-Cleaner.bat, win7-20240903-en
  behavioral16: Badware Woofer/cleaners/Fivem-Cleaner.bat, win10v2004-20241007-en
  behavioral17: Badware Woofer/cleaners/FortniteCleaner.bat, win7-20241010-en
  behavioral18: Badware Woofer/cleaners/FortniteCleaner.bat, win10v2004-20241007-en
  behavioral19: Badware Woofer/cleaners/NXTcleaner.exe, win7-20240903-en
  behavioral20: Badware Woofer/cleaners/NXTcleaner.exe, win10v2004-20241007-en
  behavioral21: Badware Woofer/cleaners/full deep cleaner by nigga mhatt lol.bat, win7-20240903-en
Malware Config
Targets

Target: Badware Woofer/BadwareFree.exe
  Size: 7.2MB
  MD5: 6ec04fa24f0695f286801366108942f3
  SHA1: 309ee6a08c8ab0159dc3137865b6cfeb9f3e4e04
  SHA256: ae27243a53f4c399aeb6bb39e67fa79f8378d51ef6b4fef9263791ec1acb6e78
  SHA512: d835f387bb19b353f58eb72a94c2b32857826f3f1322c7b5be253a6dc3b2c6a9cf4cd0340ab001df74092899346bd0e4d1dfa8c5c8d77a2893b418311103a6b5
  SSDEEP: 98304:cMYzS+CQQ4vBmVK0Psj6+qU483Aj9urJBSzrAhzZVT6e3JKPfjV4ZTNy6oeZ2gCc:KS4qKsW80FIryV4fZo0/
  Score: 5/10
  Signatures:
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Badware Woofer/Serials_Checker.bat
  Size: 862B
  MD5: 70b7863d0ca809751200f9300cd21033
  SHA1: 8f9fca90e24ec21c00b539b82256ed6cd9712ea8
  SHA256: ed63d2195825398b5523fcd9cd312b775c0fe3f4cc0472c9f06edeb8f32c325d
  SHA512: d5d7d05d5e1861b88ce660c9a2939a3a7891a1e70d65171b347908b8e1c9ece9223b487fddc34a1f100e8401d2d441b1488bb7728caab47075c90fc0448041b6
  Score: 1/10

Target: Badware Woofer/cleaners/AppleCleaner.exe
  Size: 3.6MB
  MD5: da2176757b2fead6539243b42057cb3c
  SHA1: e14195bd4066e90c821caabd6ca63a173c1ca802
  SHA256: 1a62ed192ff4a7bd746fa24c8d7cd96578a4c7e9f0d4a6651a2a3d0baff9c433
  SHA512: b9d13ecd8679064bc4cd9dbd823ba5367aebe13177c9ed5e6c6c40d70823ed32977bd40cde73ccfaa49f6f32b19b4f06f9396beb145bd774891d4290873c735d
  SSDEEP: 98304:gmQu0iNucsADierKQYRc4sNHOZjKg5tkdv+HR5+a:fQabDieOQ944HOZjp5tkx+x3
  Signatures:
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Manipulates Digital Signatures
    Attackers may alter the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Drops desktop.ini file(s)
  - Checks system information in the registry
    System information is often read in order to detect sandboxing environments.
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Badware Woofer/cleaners/AppleS5-DEL.exe
  Size: 3.1MB
  MD5: 6af7ea6d60309e7a05339a72accc2074
  SHA1: 1ccfcccae4a481c29c8b142715a9dee070918df9
  SHA256: eb8302fbd0a3eda7620c0af1728a5d151afe1648d07525862c3701fc34c36d63
  SHA512: bd5e87af04689d7ba11f4d08dae3396de3260d0af8d5813a664bce4b4105f1721b2cbddfc3c8bfb1013f357581b2841790ae523213fa5487c9b39b12198bdc2d
  SSDEEP: 49152:WMn54uFpQJqpleSBtthqtwRTJP8fOa9pu75KEpIj4ZVCbshPW6G9VSpnZ:AJmeqt31qOaPIUEnbOePWv3gZ
  Signatures:
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Modifies Windows Firewall
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Executes dropped EXE
  - Indicator Removal: File Deletion
    Adversaries may delete files left behind by the actions of their intrusion activity.
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Badware Woofer/cleaners/BadwareCleaner.exe
  Size: 3.3MB
  MD5: 5f876b340b56f98e820816ec05e56d34
  SHA1: 3bcdb73f1672e21776cf0ce0c96c8d5496f91586
  SHA256: 08cf4a012c0aab62dc068e7a20fd1582f215f927c4185481da60ada9b636d282
  SHA512: 52497f6e6235da94dcfd84570df876905102e60b5ef030a6f445649c7b789574b09794a47640c27dc4d78fea0efd67cf1578532c8112ae24057da06091901cb9
  SSDEEP: 49152:kKtU2HL/scLu2asJ5RGCBF1hdgKtS5jwiCmNAlNsYmYmWA5IxfRU2Sph0afojHBX:BtqfsrgqSKA5jJCuAluvWA6fUD+0oB
  Signatures:
  - Deletes NTFS Change Journal
    The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  - Deletes shadow copies
    Ransomware often targets backup files to inhibit system recovery.
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Modifies Windows Firewall
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Indicator Removal: File Deletion
    Adversaries may delete files left behind by the actions of their intrusion activity.
  - Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Badware Woofer/cleaners/BadwareDeepCleaner.exe
  Size: 771KB
  MD5: 344806d69d5895c4a178cb32278ca18f
  SHA1: dac2dee6f31fe824cc639ccde87be0c83687e1a3
  SHA256: 5e7647b583e649e29af7662c858cac16041a8088e6f5deffa6f1d0148f460476
  SHA512: 2377db2048e1aeaea71b79d2fdf2090789c7c5d73cf0e02727e7c7ac6d9b024e6bcb4b40744bb5dd8166620e6a735b60c6cf7f3fccb39e27c309f988351c71fd
  SSDEEP: 24576:PP+pvZyI9oiJfJulj1CBMeIFjKuQdGhSaApNrWSvUghmjpoVb3/k2JPQIFfUnI8M:X+pxNoxlj1CBMeIFjKuQdGhSaApNrWS0
  Signatures:
  - Deletes NTFS Change Journal
    The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  - Deletes shadow copies
    Ransomware often targets backup files to inhibit system recovery.
  - Modifies Windows Firewall
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Indicator Removal: File Deletion
    Adversaries may delete files left behind by the actions of their intrusion activity.

Target: Badware Woofer/cleaners/EventCleaner.exe
  Size: 219KB
  MD5: 9353ed7c3ba8e2417ce2664ae7afac16
  SHA1: 05699a2a2792795db1d8f59273172ad80bdc8b06
  SHA256: 069b31cb7f9054647b684da4fc5263fa690e32d75729ec6b5c808b0c532b9628
  SHA512: cb456c14c9ef6f49a92c989668bedb423e4020b761e627c4d67f90e855e9385d58cf0d1e024a0c728126cccdad2836615d23cd3011a8447470482ca939795262
  SSDEEP: 6144:Qtzsb5Uh28+V1WW69B9VjMdxPedN9ug0z9TB9SmDqzW:QtzE5elwLz9TrVeW
  Score: 9/10
  Signatures:
  - Clears Windows event logs
  - Power Settings
    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

Target: Badware Woofer/cleaners/Fivem-Cleaner.bat
  Size: 1KB
  MD5: 74e7b9574aea7d121519ceaa8f5cb522
  SHA1: 97b634ef75ce87383ec4d5344e84e7abda65a523
  SHA256: 2e4462f3d686ccfff602b779941ff385144ed683d638b2ed49d552f88df88639
  SHA512: a7dec954de38bb44478c0cec51fdb111f98ecd02587dd25dfb46a641cdc3c95554985216d5dff8cc81a077c2d1808061e033a4a30084d948226917c4ed98913a
  Signatures:
  - Drops file in Drivers directory

Target: Badware Woofer/cleaners/FortniteCleaner.bat
  Size: 1.5MB
  MD5: 2429db21a224c48fa6b17e55a6762328
  SHA1: f86eb0c2de25e8970add83b66253d3f18b0994e1
  SHA256: 365685c1e71944bc955c6be46cc33a44099bcb0f8c625228e89445f18866b778
  SHA512: 0487e79a9b2b427f8c0e5bb860e78039bcf29626bd58ad8190df858fcfa130d15add3fcd350cdadaccbc1d2e13f822dab76e418029d692d2ccd972594b4c0e23
  SSDEEP: 49152:9TOB4ynYygOvXsMruROZyUpWvWOLZkORn:b
  Score: 1/10

Target: Badware Woofer/cleaners/NXTcleaner.exe
  Size: 3.2MB
  MD5: 644399a0aff07bd4f7dc1eb5aa5c0236
  SHA1: 243f1f7bb95af8d3c44a270772f408c6febb06af
  SHA256: 5d101b2efae1e9390ac98e014a05d54338ec45cd73ff5dd70842877910f7b758
  SHA512: 73db539182c67d18b4e491966672876054cdeaae9d5ac024f1991a0551aea74867d9f1df7487655a5c9089553b967c09f558b02e33ec0cc015b6587fd5eb2508
  SSDEEP: 49152:MVmDUcyg2ImpoHJSt6Ia+CZEV2o8vMT3/nwlU5igpWV7JEW8np2Klad4j0Vs:MsgcypOSUI+qmJo+QZladTV
  Signatures:
  - Deletes NTFS Change Journal
    The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  - Deletes shadow copies
    Ransomware often targets backup files to inhibit system recovery.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Indicator Removal: File Deletion
    Adversaries may delete files left behind by the actions of their intrusion activity.
  - Drops file in System32 directory

Target: Badware Woofer/cleaners/full deep cleaner by nigga mhatt lol.bat
  Size: 902KB
  MD5: 602ac0bd731b2615933dde1442e96ff7
  SHA1: 586be9b5bb086aa301eea7df5ee998390756b912
  SHA256: 97c781dfaa813232a8d13f7dcdfd1490f355ab85823b2cd73b9dd259d3a1ad07
  SHA512: d5cee12b3c99cae442808c463636faa0f96cdae24d6caff13fd5e27a40f74ce58cd15f43430d5ebd15d968588d491dee17bb31b3f7c19ed7d55e2882a25d30eb
  SSDEEP: 3072:kOW9mafKzoz3g8gzRnvplYSc5mzozEzoz6zozn:5ykyuykyn
  Signatures:
  - Deletes itself

MITRE ATT&CK Enterprise v15 (technique, number of matching signatures)

Execution
  - Command and Scripting Interpreter (2)
    - PowerShell (1)
  - System Services (1)
    - Service Execution (1)
  - Windows Management Instrumentation (1)

Persistence
  - Create or Modify System Process (2)
    - Windows Service (2)
  - Event Triggered Execution (1)
    - Netsh Helper DLL (1)
  - Power Settings (1)

Privilege Escalation
  - Create or Modify System Process (2)
    - Windows Service (2)
  - Event Triggered Execution (1)
    - Netsh Helper DLL (1)

Defense Evasion
  - Direct Volume Access (1)
  - Impair Defenses (2)
    - Disable or Modify System Firewall (1)
  - Indicator Removal (4)
    - Clear Windows Event Logs (1)
    - File Deletion (3)
  - Modify Registry (2)
  - Subvert Trust Controls (1)
    - SIP and Trust Provider Hijacking (1)
  - Virtualization/Sandbox Evasion (1)

Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)

Discovery
  - Browser Information Discovery (1)
  - Peripheral Device Discovery (1)
  - Query Registry (8)
  - System Information Discovery (9)
  - System Location Discovery (1)
    - System Language Discovery (1)
  - System Network Configuration Discovery (1)
    - Internet Connection Discovery (1)
  - System Time Discovery (1)
  - Virtualization/Sandbox Evasion (1)