Overview (overall score 10/10)

Per-task scores as shown in the report's task tabs (the score badge belongs to the task named on the same row; in the raw extraction each badge had been joined to the following row):

Task / analysis        Platform             Score
Static analysis        -                    3
Vedani-Cry...er.zip    windows7-x64         1
Vedani-Cry...er.zip    windows10-2004-x64   1
Vedani-Cry...ICENSE    windows7-x64         1
Vedani-Cry...ICENSE    windows10-2004-x64   1
Vedani-Cry...DME.md    windows7-x64         3
Vedani-Cry...DME.md    windows10-2004-x64   3
Vedani-Cry...al.mp4    windows7-x64         1
Vedani-Cry...al.mp4    windows10-2004-x64   6
Vedani-Cry...er.exe    windows7-x64         7
Vedani-Cry...er.exe    windows10-2004-x64   10
test.pyc               windows7-x64         3
test.pyc               windows10-2004-x64   3
Vedani-Cry...UI.dll    windows7-x64         1
Vedani-Cry...UI.dll    windows10-2004-x64   1
Vedani-Cry...on.exe    windows7-x64         9
Vedani-Cry...on.exe    windows10-2004-x64   10
Vedani-Cry...ce.exe    windows7-x64         1
Vedani-Cry...ce.exe    windows10-2004-x64   1

General
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter.zip
Size:    21.5MB
Sample:  240901-rc198asern
MD5:     9b612619b33655c48129ee699dcaed21
SHA1:    9cf50756e294db99146ec117d256180def208afd
SHA256:  4918d0136cfa5fd6b2cdca204444d7676d9f86b8fba1491b9e996a06f4192eac
SHA512:  981b309802fd068feeefd048f7e3058bbdd5543a0ab118196efdc0f865b3882217c303dc1cd7443488c79e6bbdf24bd70623834ae36e9df215334c9e6f452910
SSDEEP:  393216:AlXIGBEqsBut1NrT5BGkAqaD5VjcRSzbNPmRTzOyS7a2KRNhgn4DPyotwqM76t/p:A0ot1Nu1xjcR/ZQmvTwqM72/ME

The archive presents itself as a cracked ("Lifetime Activated") build of the Vedani crypter. The per-target results below show that the executables it bundles behave as an infostealer (classified as gurcu) that reads browser credential stores and exfiltrates over the Telegram Bot API, so whoever runs the "crypter" is the victim.
Behavioral tasks

Task           Sample                                                                                Resource
behavioral1    Vedani-Crypter-Lifetime-Activated-vedani-crypter.zip                                  win7-20240704-en
behavioral2    Vedani-Crypter-Lifetime-Activated-vedani-crypter.zip                                  win10v2004-20240802-en
behavioral3    Vedani-Crypter-Lifetime-Activated-vedani-crypter/LICENSE                              win7-20240705-en
behavioral4    Vedani-Crypter-Lifetime-Activated-vedani-crypter/LICENSE                              win10v2004-20240802-en
behavioral5    Vedani-Crypter-Lifetime-Activated-vedani-crypter/README.md                            win7-20240729-en
behavioral6    Vedani-Crypter-Lifetime-Activated-vedani-crypter/README.md                            win10v2004-20240802-en
behavioral7    Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/Tutorial.mp4          win7-20240705-en
behavioral8    Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/Tutorial.mp4          win10v2004-20240802-en
behavioral9    Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/Vedani-Crypter.exe    win7-20240704-en
behavioral10   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/Vedani-Crypter.exe    win10v2004-20240802-en
behavioral11   test.pyc                                                                              win7-20240708-en
behavioral12   test.pyc                                                                              win10v2004-20240802-en
behavioral13   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/XanderUI.dll          win7-20240729-en
behavioral14   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/XanderUI.dll          win10v2004-20240802-en
behavioral15   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/libs/obsfucation.exe  win7-20240705-en
behavioral16   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/libs/obsfucation.exe  win10v2004-20240802-en
behavioral17   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/libs/source.exe       win7-20240704-en
behavioral18   Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/libs/source.exe       win10v2004-20240802-en

Note: the two libs/ files are named obsfucation.exe and source.exe in the task list but obsfucation.dat and source.dat in the Targets section below; the report does not say which name is the one on disk, so both are kept as given. The hashes in the Targets section are the reliable identifier.
Malware Config

Extracted family: gurcu

C2 / exfiltration URLs (all Telegram Bot API calls sharing one bot token and one chat_id; some URLs are truncated as extracted and are left that way):
https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendDocument?chat_id=2024893777&caption=%F0%9F%93%82%20-%20Browser%20data%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%82%20-%20cookies(0%20kb
https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendMessage?chat_id=2024893777
https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/getUpdates?offset=-
https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendDocument?chat_id=2024893777&caption=%F0%9F%93%B8Screenshot%20take

Reading the config: sendDocument and sendMessage push stolen data to Telegram chat 2024893777, while getUpdates polls the bot for messages from the operator. The percent-encoded captions decode to a tree starting "📂 - Browser data / ├── 📂 - cookies(0 kb" and to a string beginning "📸Screenshot take" (cut off in the extraction), so browser data and screenshots are among what is sent. The actionable indicators are the bot id 6840643388 (the numeric prefix of the token) and the chat_id; blocking api.telegram.org outright is coarse because legitimate clients and bots use the same endpoint, so match on the bot id in the URL path where a proxy sees full URLs.
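The following is an added example written for this page, not code from the report, the sandbox, or the sample. It parses Telegram Bot API URLs of the kind listed above (the four REPORT_URLS are copied from the config as extracted, truncation included), reduces them to the indicators worth sharing, and then applies the same parser to a few constructed proxy log lines to show how a known bot id is matched against traffic. The proxy log lines, the client IPs and the second bot id in them are made up for the example.

```python
"""Parse and match Telegram Bot API exfiltration URLs (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# The four URLs from the "Malware Config" section, as extracted (two are truncated).
REPORT_URLS = [
    "https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendDocument?chat_id=2024893777&caption=%F0%9F%93%82%20-%20Browser%20data%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%82%20-%20cookies(0%20kb",
    "https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendMessage?chat_id=2024893777",
    "https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/getUpdates?offset=-",
    "https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendDocument?chat_id=2024893777&caption=%F0%9F%93%B8Screenshot%20take",
]

# Bot API path layout: /bot<bot_id>:<secret>/<method>. The numeric bot_id is the
# stable part of the token (it survives a token rotation), so pivot on it.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)/?$")

# Methods that carry data off the host versus methods that poll the operator.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto", "sendVideo", "sendAudio"}
POLL_METHODS = {"getUpdates"}


def parse_telegram_bot_url(url):
    """Return bot id, token, method, chat_id, decoded caption and direction,
    or None when the URL is not a Telegram Bot API call."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or (parts.hostname or "").lower() != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    q = parse_qs(parts.query, keep_blank_values=True)  # parse_qs percent-decodes values
    method = m["method"]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": method,
        "chat_id": q.get("chat_id", [None])[0],
        "caption": q["caption"][0] if "caption" in q else None,
        "direction": "exfil" if method in EXFIL_METHODS else "poll" if method in POLL_METHODS else "other",
    }


def summarize_iocs(urls):
    """Collapse a list of URLs into the handful of indicators worth sharing."""
    hits = [p for p in map(parse_telegram_bot_url, urls) if p]
    return {
        "bot_ids": sorted({h["bot_id"] for h in hits}),
        "tokens": sorted({h["token"] for h in hits}),
        "chat_ids": sorted({h["chat_id"] for h in hits if h["chat_id"]}),
        "methods": sorted({h["method"] for h in hits}),
        "exfil_calls": sum(h["direction"] == "exfil" for h in hits),
    }


# Constructed proxy log lines (timestamp, client, URL); not from the report.
PROXY_LOG = """\
2024-09-01T10:12:01Z 10.0.0.15 https://api.telegram.org/bot6840643388:AAFx-w02hvJE3j8QWzCipTXQ-j2gGH45m_Y/sendMessage?chat_id=2024893777
2024-09-01T10:12:02Z 10.0.0.15 https://api.ipify.org/
2024-09-01T10:12:05Z 10.0.0.22 https://api.telegram.org/bot111:AAAAlegit/getMe
2024-09-01T10:13:00Z 10.0.0.15 https://example.org/bot6840643388:AAFx/sendDocument
"""


def scan_proxy_log(text, known_bot_ids=()):
    """Return (client, bot_id, method, known) for every Bot API call in the log;
    `known` marks calls to a bot id already tied to this sample."""
    known = set(known_bot_ids)
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        p = parse_telegram_bot_url(fields[2])
        if p:
            out.append((fields[1], p["bot_id"], p["method"], p["bot_id"] in known))
    return out


if __name__ == "__main__":
    iocs = summarize_iocs(REPORT_URLS)
    print(iocs)
    for hit in scan_proxy_log(PROXY_LOG, known_bot_ids=iocs["bot_ids"]):
        print(hit)
```

Matching on the full URL path rather than on the host is what separates this sample's bot from other Telegram traffic; where only DNS or TLS SNI is available, api.telegram.org alone is the best you get and will need corroborating host evidence.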
Targets

Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter.zip
Size:    21.5MB
MD5:     9b612619b33655c48129ee699dcaed21
SHA1:    9cf50756e294db99146ec117d256180def208afd
SHA256:  4918d0136cfa5fd6b2cdca204444d7676d9f86b8fba1491b9e996a06f4192eac
SHA512:  981b309802fd068feeefd048f7e3058bbdd5543a0ab118196efdc0f865b3882217c303dc1cd7443488c79e6bbdf24bd70623834ae36e9df215334c9e6f452910
SSDEEP:  393216:AlXIGBEqsBut1NrT5BGkAqaD5VjcRSzbNPmRTzOyS7a2KRNhgn4DPyotwqM76t/p:A0ot1Nu1xjcR/ZQmvTwqM72/ME
Score:   1/10
The archive is scored on its own; the sandbox unpacks it and scores each member file separately, so the low score here says nothing about the executables inside it.
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/LICENSE
Size:    1KB
MD5:     bdf7d963ee735052782197286d93cb2d
SHA1:    7830cc7bc7a96a7aebd06055082f5e6d9843e7c8
SHA256:  73ba901ef2ae3d89d55362e92dad06d1182542c5f740be2098e5ed82095f37b6
SHA512:  1838a013d77458974829ab7f0fa7bca4221f300323f2cb9272009df35cfdfa868da150dfc674ff1e877387438f8483df2312d0c42e643073a03b6687a77b143e
Score:   1/10
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/README.md
Size:    518B
MD5:     1ef1b10772beddb317d01e565c007e0d
SHA1:    b8f8e66a806b5cb57a125730c70eb3da2dc0f543
SHA256:  09c769ec0ce7a58f798994e447c7a5164fcf6be2bed1041d9c0ea5817a7d7ced
SHA512:  4cf56ccbe6a15bde7653ccc6be1d17621448c9ebb22c3f909509262704900e07a960843174f5d8299ebb2e0d137955df68fd79b6889fc75e15dee0c7863aa3ef
Score:   3/10
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/Tutorial.mp4
Size:    9.0MB
MD5:     16bc44c0f15b318d59b6c7aeab1d4147
SHA1:    afce70ee4b4a214f1ead730ef639e7589de1e0d0
SHA256:  a39741d4f3aefa5f1722cedf50c9f6029af26c357b537a6ec5ec4a2ddb728269
SHA512:  5a3cc76f7cfa7a9f8de2b032cccf6c24d33bcf2a8848dbf17328447819e59f139c043ab442cffb1d9639050ad9d3fa82ff3e8c93403e7ddfbcc2385c83d90d40
SSDEEP:  196608:HWzTVkH2EpJD9AX5hkxk4konPvW8Q5iOY75DBCbLqEidX+w1tg:uVkHlJD2rkxk4/nPu8uildkL+Ftg
Score:   6/10
Signatures:
  - Drops desktop.ini file(s)
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
An MP4 carries no code of its own, so these two signatures describe what the process the sandbox used to open the file did, not anything the video does; the 6/10 is best read as handler noise. The behaviour of interest is in the executables from the same folder, below.
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/Vedani-Crypter.exe
Size:    6.2MB
MD5:     f982e40c831cac8ad143723b49990772
SHA1:    e50f97163936e22cf9012b883f73a0eeaf4d90ad
SHA256:  13a169db433164fda1023703b80b6dba5fbd1bb1b2fa37a71a0749024f783c2b
SHA512:  6c1de77ae2e5376515ad278abdd2d539e9200b3bf1640174e721fef9a9bb2e8f87766b1d62e54917aaea331b839bcba798ca50ba06fa4f0602f12a75bcd63cc7
SSDEEP:  98304:RM3epzb71QGQCPDbZfHayCb7BJ5mjwNwwMeZYobSr+v+Z5OwXbJ:RMsdQmRfaycBIGpEogMwXb
Signatures:
  - Credentials from Password Stores: Credentials from Web Browsers
    Malicious access to, or copy of, the web browser credential store.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Enumerates processes with tasklist
Target:  test.pyc
Size:    883B
MD5:     9829a76c392c1eff6118cfa867a59740
SHA1:    dda3868565de67012f306ea550a26bcdc440126c
SHA256:  cad358179be1bc7745ee7cb2fea6f0131d3f7ef7ec1df7767379e1fffbd1e629
SHA512:  3580bc1618967038c6527c8d17713240a6e34cf2f1382a1e1f756b1bc0595d7d90847677d3c0cd90358588aa6bbc56e871a57ca5bbbe725d2dade8e50c0fb499
Score:   3/10
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/XanderUI.dll
Size:    185KB
MD5:     b7498196f0a200cc729703e6127eb3cb
SHA1:    1fb5e3127987b38c1e9309f7a65dd2f45a5f5754
SHA256:  cdf2ff8c0970f4144500c81c5678055ded70c05285ba3d3ff04e44fa78d9ce64
SHA512:  0922ebc190c7af93655c833b8e3ba3f98d49011dbbc822f633813d2e47db8b7f1a6a22fbfcb08d5fcebc11bd90a9d3392fe1c40af7391048c70d273ef17a86f1
SSDEEP:  3072:uDcVO/mtFm8mO2PnOhVEeYmDjQj+O+R+Th8hQLpSfJc6AbD0bRQpk8N6aeDrFME1:u5MDjQj+OwEhMAbDQypk8NQ1lqx5XYdR
Score:   1/10
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/libs/obsfucation.dat
Size:    5.6MB
MD5:     612173309c257f2385cdc05c2f8f4ecc
SHA1:    e27c24d9a54df063a2cc22e687c9e5f08e0181cb
SHA256:  c9a0aea64ee81d3914980c968f2da7e45b17d008e81576b25fbc3c8415d1d899
SHA512:  79dad7c537b6573da25627c9379a562db337040c1f845e7cdb5cebe27c232f27476e2ab356353c571b617723aac61c869ebc1758615b32cad87fbfac1deb9d8b
SSDEEP:  98304:52Zl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:5fOuK6mn9NzgMoYkSIvUcwti7TQlvciE
Signatures:
  - Credentials from Password Stores: Credentials from Web Browsers
    Malicious access to, or copy of, the web browser credential store.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Enumerates processes with tasklist
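The signature lists for Vedani-Crypter.exe and obsfucation.dat above are what a host-based detection would need to reproduce. The block below is an added example written for this page, not the sandbox's own signature logic: it matches Sysmon-style events (event IDs 1, 11, 13 and 22 with their usual field names) against the behaviours the report names, credits the tasklist execution to the parent that spawned it, and only flags a process when several behaviours co-occur. All events, paths, GUIDs and the list of IP-lookup hosts are constructed for the example; the report names no IP-lookup service. Two reported behaviours are deliberately not covered because Sysmon does not log them: the registry read behind "Checks computer location settings", and the read of the browser credential store itself. The file rule instead looks for a copy of that store outside the browser profile, which is a heuristic.

```python
"""Match Sysmon-style events against the report's stealer signatures (added example)."""
from collections import defaultdict

# Editor's assumption: hosts commonly queried for the external IP (the report names none).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com"}
# Chromium-style credential store file names.
BROWSER_STORE_FILES = {"login data", "cookies", "web data"}

# Constructed events; GUIDs {A}, {B}, {C}, {X} and all paths are made up.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "ParentProcessGuid": "{X}",
     "Image": r"C:\Users\u\Desktop\Vedani-Crypter\Vedani-Crypter.exe"},
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Windows\System32\tasklist.exe", "CommandLine": "tasklist /FO CSV"},
    {"EventID": 13, "ProcessGuid": "{A}",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u\AppData\Roaming\updater.exe"},
    {"EventID": 22, "ProcessGuid": "{A}", "QueryName": "api.ipify.org"},
    {"EventID": 22, "ProcessGuid": "{A}", "QueryName": "api.telegram.org"},
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": r"C:\Users\u\AppData\Local\Temp\Login Data"},
    {"EventID": 1, "ProcessGuid": "{C}", "ParentProcessGuid": "{X}",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"EventID": 11, "ProcessGuid": "{C}",
     "TargetFilename": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"EventID": 22, "ProcessGuid": "{C}", "QueryName": "www.google.com"},
]


def rule_run_key(e):
    """Registry value set (ID 13) under a Run or RunOnce key."""
    target = e.get("TargetObject", "").lower()
    return e["EventID"] == 13 and any(
        k in target for k in ("\\currentversion\\run\\", "\\currentversion\\runonce\\"))

def rule_tasklist(e):
    """Process create (ID 1) of tasklist.exe; credited to the spawning process."""
    return e["EventID"] == 1 and e.get("Image", "").lower().endswith("\\tasklist.exe")

def rule_ip_lookup(e):
    """DNS query (ID 22) to an external-IP lookup service."""
    return e["EventID"] == 22 and e.get("QueryName", "").lower() in IP_LOOKUP_HOSTS

def rule_telegram_c2(e):
    """DNS query (ID 22) to the Telegram Bot API host used in the extracted config."""
    return e["EventID"] == 22 and e.get("QueryName", "").lower() == "api.telegram.org"

def rule_browser_store_copy(e):
    """File create (ID 11) of a credential-store file name outside any browser
    profile ('User Data'): a browser writes these only inside its profile, so a
    copy elsewhere is the stealer staging the store before reading it."""
    if e["EventID"] != 11:
        return False
    path = e.get("TargetFilename", "").lower()
    name = path.rsplit("\\", 1)[-1]
    return name in BROWSER_STORE_FILES and "\\user data\\" not in path

# (signature name as in the report, rule, which process the hit is credited to)
RULES = [
    ("Adds Run key to start application", rule_run_key, "self"),
    ("Enumerates processes with tasklist", rule_tasklist, "parent"),
    ("Looks up external IP address via web service", rule_ip_lookup, "self"),
    ("Legitimate hosting services abused for malware hosting/C2", rule_telegram_c2, "self"),
    ("Credentials from Web Browsers", rule_browser_store_copy, "self"),
]


def evaluate(events):
    """Return {process_guid: {"image": ..., "signatures": [...]}} for every
    process that trips at least one rule."""
    images = {e["ProcessGuid"]: e.get("Image") for e in events if e["EventID"] == 1}
    hits = defaultdict(list)
    for e in events:
        for name, rule, credit in RULES:
            if rule(e):
                guid = e.get("ParentProcessGuid") if credit == "parent" else e["ProcessGuid"]
                if name not in hits[guid]:
                    hits[guid].append(name)
    return {g: {"image": images.get(g), "signatures": sigs} for g, sigs in hits.items()}


def flagged(events, min_signatures=2):
    """Processes tripping at least `min_signatures` rules. A single rule (e.g.
    only a Run key write) is too common in legitimate software to alert on."""
    return {g: r for g, r in evaluate(events).items() if len(r["signatures"]) >= min_signatures}


if __name__ == "__main__":
    for guid, r in flagged(EVENTS).items():
        print(guid, r["image"])
        for s in r["signatures"]:
            print("   ", s)
```

Crediting the tasklist hit to the parent is what makes the correlation work: the process that matters is the one that spawned tasklist.exe, wrote the Run key and resolved api.telegram.org, not tasklist.exe itself.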
Target:  Vedani-Crypter-Lifetime-Activated-vedani-crypter/Vedani-Crypter/libs/source.dat
Size:    5.2MB
MD5:     e7b448f71bfabbcf84fc5f7c8cc219a6
SHA1:    fe5f861a03207da4fe6b4093bbdc5588e6a0fe07
SHA256:  522497cf6abdb91e9d64e0bc2f0ddedab87f74eefccb43a9fe222cf4bba570f0
SHA512:  c1a5f8008b5a421db803447d7b443c99bf081920347be1fa417279b3c1857362e262d32bab1b893684daa0cbb8a26735090d28efb188f81351889b7f56a48b06
SSDEEP:  49152:ASC8LlBhwRPbfiEH+o+rRLxyFXVGgx2BpWISD9EJX1NpLR2tpdmFRsOYau9SkT8u:xTLHpEHN+VFyFVGg8BXlio67+r84fC
Score:   1/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses; technique IDs added from the ATT&CK catalogue)

Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (1)
    Registry Run Keys / Startup Folder, T1547.001 (1)
Credential Access
  Credentials from Password Stores, T1555 (1)
    Credentials from Web Browsers, T1555.003 (1)
  Unsecured Credentials, T1552 (1)
    Credentials In Files, T1552.001 (1)