General

  • Target

    2024-11-06_a99d506cddadbf72ddd915a667760a72_ryuk

  • Size

    3.6MB

  • Sample

    241106-r3f2zasbla

  • MD5

    a99d506cddadbf72ddd915a667760a72

  • SHA1

    78349369dddd5b675f512eca793d12b5a223764d

  • SHA256

    c34ec4d2e496f8e6e77b3b99cf3302756d447966f1d0d1795fac13f7d352e2eb

  • SHA512

    693e88969adfae896be7d1a5e4637181c4ac4ee6abaf3f43fb7b70dc2587db905120d61895ba09f05151d35b6ca9bdd806d6dd55c2e3196e02c91bab01d98081

  • SSDEEP

    24576:bw317sPycp8nCB3CDX2FeYRaGoIc/txOBRVxq5WyfU0AVsG0NvoSjdw0Hbtxqo9S:bByPnI8YPcFYziWBf5Adwjou

Score
10/10

Malware Config

Extracted

Family

meduza

C2

89.22.239.174

Attributes

  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    kapnov

  • extensions

    .txt

  • grabber_max_size

    4.194304e+06

  • port

    15666

  • self_destruct

    false

Targets

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks