a7261fa5f6c326242f1dbc3c8e551a3452cb9523c7372d2b413bae8155b7637c

Resubmissions

19-04-2024 17:02

240419-vkeb7saa45 7

Sharing

Copy URL

Twitter E-mail

General

Target

Vedani-Crypter-Vedani-Crypter.zip
Size

21.5MB
Sample

240419-vkeb7saa45
MD5

97e7ee43a667d0976655263954607581
SHA1

71b2254fe3f8cbe0de60514b1751f530fc563738
SHA256

a7261fa5f6c326242f1dbc3c8e551a3452cb9523c7372d2b413bae8155b7637c
SHA512

1693832c261158633f49d6bda43cfa663e368d39e5905c3de388a2aecb2b55bf2a54b4dd198d001e46bbc1bf9bca7f9ea841c66d4013247109f827ed951c2b73
SSDEEP

393216:klXIGBEqsBut1NrT5BGkAqaDvVjcRSzbN/5QLvxPmkB3zzHuvyotwqM76t/Mxq:k0ot1Nu13jcRthD0wqM72/Mw

Score

7^/10

Malware Config

Targets

- Target
  
  Vedani-Crypter-Vedani-Crypter/Vedani-Crypter/Vedani-Crypter.exe
- Size
  
  6.2MB
- MD5
  
  f982e40c831cac8ad143723b49990772
- SHA1
  
  e50f97163936e22cf9012b883f73a0eeaf4d90ad
- SHA256
  
  13a169db433164fda1023703b80b6dba5fbd1bb1b2fa37a71a0749024f783c2b
- SHA512
  
  6c1de77ae2e5376515ad278abdd2d539e9200b3bf1640174e721fef9a9bb2e8f87766b1d62e54917aaea331b839bcba798ca50ba06fa4f0602f12a75bcd63cc7
- SSDEEP
  
  98304:RM3epzb71QGQCPDbZfHayCb7BJ5mjwNwwMeZYobSr+v+Z5OwXbJ:RMsdQmRfaycBIGpEogMwXb
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Vedani-Crypter-Vedani-Crypter/Vedani-Crypter/XanderUI.dll
- Size
  
  185KB
- MD5
  
  b7498196f0a200cc729703e6127eb3cb
- SHA1
  
  1fb5e3127987b38c1e9309f7a65dd2f45a5f5754
- SHA256
  
  cdf2ff8c0970f4144500c81c5678055ded70c05285ba3d3ff04e44fa78d9ce64
- SHA512
  
  0922ebc190c7af93655c833b8e3ba3f98d49011dbbc822f633813d2e47db8b7f1a6a22fbfcb08d5fcebc11bd90a9d3392fe1c40af7391048c70d273ef17a86f1
- SSDEEP
  
  3072:uDcVO/mtFm8mO2PnOhVEeYmDjQj+O+R+Th8hQLpSfJc6AbD0bRQpk8N6aeDrFME1:u5MDjQj+OwEhMAbDQypk8NQ1lqx5XYdR
Score

1^/10
behavioral3 behavioral4
- Target
  
  Vedani-Crypter-Vedani-Crypter/Vedani-Crypter/libs/obsfucation.dat
- Size
  
  5.6MB
- MD5
  
  620286e072bfad6fab129ae7ab9d3c0d
- SHA1
  
  ff5f624806599ad7f13723de79cfc26655e71088
- SHA256
  
  59e748cf4cd7a88bd67c2d0a76ec797150ae317a288fb95c0eb648fa45ae8496
- SHA512
  
  73aa3e44853cd1573e9fc33a102d4e13de339d4b120b2967ef20de6ef523ff9340ec64a9fdb0b935bf1d83da5b702746fc01408058d9fd08d5830b5bbe39c49b
- SSDEEP
  
  98304:+wl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcZ6S:+bOuK6mn9NzgMoYkSIvUcwti7TQlvciG
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Vedani-Crypter-Vedani-Crypter/Vedani-Crypter/libs/source.dat
- Size
  
  5.2MB
- MD5
  
  e7b448f71bfabbcf84fc5f7c8cc219a6
- SHA1
  
  fe5f861a03207da4fe6b4093bbdc5588e6a0fe07
- SHA256
  
  522497cf6abdb91e9d64e0bc2f0ddedab87f74eefccb43a9fe222cf4bba570f0
- SHA512
  
  c1a5f8008b5a421db803447d7b443c99bf081920347be1fa417279b3c1857362e262d32bab1b893684daa0cbb8a26735090d28efb188f81351889b7f56a48b06
- SSDEEP
  
  49152:ASC8LlBhwRPbfiEH+o+rRLxyFXVGgx2BpWISD9EJX1NpLR2tpdmFRsOYau9SkT8u:xTLHpEHN+VFyFVGg8BXlio67+r84fC
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8