Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-11-06_a99d506cddadbf72ddd915a667760a72_ryuk
-
Size
3.6MB
-
Sample
241106-r3f2zasbla
-
MD5
a99d506cddadbf72ddd915a667760a72
-
SHA1
78349369dddd5b675f512eca793d12b5a223764d
-
SHA256
c34ec4d2e496f8e6e77b3b99cf3302756d447966f1d0d1795fac13f7d352e2eb
-
SHA512
693e88969adfae896be7d1a5e4637181c4ac4ee6abaf3f43fb7b70dc2587db905120d61895ba09f05151d35b6ca9bdd806d6dd55c2e3196e02c91bab01d98081
-
SSDEEP
24576:bw317sPycp8nCB3CDX2FeYRaGoIc/txOBRVxq5WyfU0AVsG0NvoSjdw0Hbtxqo9S:bByPnI8YPcFYziWBf5Adwjou
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-06_a99d506cddadbf72ddd915a667760a72_ryuk.exe
Resource
win7-20240903-en
Malware Config
Extracted
meduza
89.22.239.174
-
anti_dbg
true
-
anti_vm
true
-
build_name
kapnov
-
extensions
.txt
-
grabber_max_size
4.194304e+06
-
port
15666
-
self_destruct
false
Targets
-
-
Target
2024-11-06_a99d506cddadbf72ddd915a667760a72_ryuk
-
Size
3.6MB
-
MD5
a99d506cddadbf72ddd915a667760a72
-
SHA1
78349369dddd5b675f512eca793d12b5a223764d
-
SHA256
c34ec4d2e496f8e6e77b3b99cf3302756d447966f1d0d1795fac13f7d352e2eb
-
SHA512
693e88969adfae896be7d1a5e4637181c4ac4ee6abaf3f43fb7b70dc2587db905120d61895ba09f05151d35b6ca9bdd806d6dd55c2e3196e02c91bab01d98081
-
SSDEEP
24576:bw317sPycp8nCB3CDX2FeYRaGoIc/txOBRVxq5WyfU0AVsG0NvoSjdw0Hbtxqo9S:bByPnI8YPcFYziWBf5Adwjou
-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-