General

  • Target

    Vedani-Crypter-main.zip

  • Size

    21.1MB

  • Sample

    231129-qyesnsge64

  • MD5

    a3f3ea4d475e05117935670538ef8998

  • SHA1

    f220c1e554c0c9dc1c37c84439e553100c404447

  • SHA256

    bd6dfb18eebaf844e83dc48d2030cd8576434b4a4384b9d98ad6496a96da5138

  • SHA512

    824336f1ef566d7d1c6efe5f0db41a19baa0c1bd46685ee403689d4d7fa773cea369f7cc98ffb5c1e70651bc552c3b2ca96d8ce590975e0a357066e05c9d5ff8

  • SSDEEP

    393216:olXIGBEqsBut1NrT5BGkAqaDUVjcRSzbNVWi2Hj6sAXptAlrEIcL64ryotwqM761:o0ot1Nu1ejcRWl2Hj6sUpalSwqM72/Mm

Malware Config

Targets

    • Target

      Vedani-Crypter-main.zip

    • Size

      21.1MB

    • MilleniumRat

      MilleniumRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Vedani-Crypter-main/Vedani-Crypter/Vedani-Crypter.exe

    • Size

      6.2MB

    • MD5

      f982e40c831cac8ad143723b49990772

    • SHA1

      e50f97163936e22cf9012b883f73a0eeaf4d90ad

    • SHA256

      13a169db433164fda1023703b80b6dba5fbd1bb1b2fa37a71a0749024f783c2b

    • SHA512

      6c1de77ae2e5376515ad278abdd2d539e9200b3bf1640174e721fef9a9bb2e8f87766b1d62e54917aaea331b839bcba798ca50ba06fa4f0602f12a75bcd63cc7

    • SSDEEP

      98304:RM3epzb71QGQCPDbZfHayCb7BJ5mjwNwwMeZYobSr+v+Z5OwXbJ:RMsdQmRfaycBIGpEogMwXb

    • MilleniumRat

      MilleniumRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
