a2861b6d8acb7e3d0f121f882a2b05ae5fa8bfca5c69dab4be35306d54dbdd4d | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Nebula Fre...er.exe

windows7-x64

3

Nebula Fre...er.exe

windows10-2004-x64

7

Sharing

General

Target

Nebula Free Woofer.exe
Size

2.0MB
Sample

241119-q9cgpaxeml
MD5

309ba3aad6f80edfad72827ac32c2194
SHA1

7545c5cdb8ea5189ca663589b333aa6b0eb1689f
SHA256

a2861b6d8acb7e3d0f121f882a2b05ae5fa8bfca5c69dab4be35306d54dbdd4d
SHA512

66780fe27023775f4100380ef88abb72cdfa6388f0b59e44ddcb30ba43a668c28dec4481042cb132590be12469afc5503a17922dfc689bca477697415006a8b5
SSDEEP

49152:loVAwYICFXDKQIMF9QwlMaVBvdVheJJbSJsfJYFovA:loVAwzCNWvMFuKMyBv5eJ12T

Score

7^/10

defense_evasion discovery execution persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Nebula Free Woofer.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nebula Free Woofer.exe

Resource

win10v2004-20241007-en

defense_evasion discovery execution persistence privilege_escalation

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Nebula Free Woofer.exe
- Size
  
  2.0MB
- MD5
  
  309ba3aad6f80edfad72827ac32c2194
- SHA1
  
  7545c5cdb8ea5189ca663589b333aa6b0eb1689f
- SHA256
  
  a2861b6d8acb7e3d0f121f882a2b05ae5fa8bfca5c69dab4be35306d54dbdd4d
- SHA512
  
  66780fe27023775f4100380ef88abb72cdfa6388f0b59e44ddcb30ba43a668c28dec4481042cb132590be12469afc5503a17922dfc689bca477697415006a8b5
- SSDEEP
  
  49152:loVAwYICFXDKQIMF9QwlMaVBvdVheJJbSJsfJYFovA:loVAwzCNWvMFuKMyBv5eJ12T
Score

7^/10

discovery defense_evasion execution persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Hide Artifacts

Ignore Process Interrupts

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy