General
Target: 2024-11-07_36f5bfe08c2fb0f5385835e2020729f8_ryuk
Size: 3.6MB
Sample: 241107-jx4bbaxphz
MD5: 36f5bfe08c2fb0f5385835e2020729f8
SHA1: 14f6d8353c99a64406e0fa3aab8956801423a6a1
SHA256: 2c502b3c1f644848ab35b0234b6687794aa59eeec64df7f20d82870d223f0708
SHA512: 76ea17463460b83263d31b996bca18abf9fe728a7aa66e1beee2225612d78ad592c08cf52dba2c55ebb2f66bf460bcae9dfa59230dcd80097c7164c9fa4ec7f8
SSDEEP: 24576:bw317sPycp8nCB3CyRtSrpz1wh98/vkSzWw/fzFzOxVuixd0HPoKO/Q+CzCkrjKg:bByPnIfep1u98nkk/pJvo7iwB
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-11-07_36f5bfe08c2fb0f5385835e2020729f8_ryuk.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 2024-11-07_36f5bfe08c2fb0f5385835e2020729f8_ryuk.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: meduza (Meduza Stealer)
C2: 109.107.181.162
port: 15666
anti_dbg: true
anti_vm: true
build_name: 570
extensions: none
grabber_max_size: 1048576 bytes (1 MiB; the extractor prints this as 1.048576e+06)
links: none
self_destruct: true
The C2 endpoint is therefore TCP 109.107.181.162:15666; anti_dbg and anti_vm mean the sample may behave differently under a debugger or in an obviously virtualised environment, and self_destruct matches the self-deletion observed at runtime below.
Targets
Target: 2024-11-07_36f5bfe08c2fb0f5385835e2020729f8_ryuk
Size: 3.6MB
Score: 10/10
Signatures:
- Meduza Stealer payload
- Meduza family (the "_ryuk" suffix in the submitted filename is not borne out by the extracted configuration, which identifies Meduza Stealer)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself (consistent with self_destruct: true in the extracted config)
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (a common process-injection primitive)
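The extracted configuration and the behaviour signatures above are enough to build hunting artifacts. The following is an added example, not part of the tria.ge report or of the Meduza tooling: it turns the C2 address and port into a Suricata rule, normalises the grabber size limit, and correlates constructed Sysmon-style events so that a process showing the reported chain (geofence registry lookup, Uninstall-key enumeration, C2 connection, self-deletion) is flagged while a benign inventory agent that only enumerates the Uninstall key is not. The registry paths GEO_KEY and UNINSTALL_KEY, the event format and all sample events are assumptions; the report names the behaviours but not the exact keys.

```python
"""Hunting artifacts from the Meduza Stealer report above (added example)."""
import ipaddress
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report.
MEDUZA_CONFIG = {
    "c2": "109.107.181.162",
    "port": 15666,
    "build_name": "570",
    "grabber_max_size": 1.048576e+06,  # printed by the extractor in scientific notation
    "self_destruct": True,
}
SHA256 = "2c502b3c1f644848ab35b0234b6687794aa59eeec64df7f20d82870d223f0708"

# Assumed registry locations behind the reported behaviours (not named in the report).
GEO_KEY = r"HKCU\Control Panel\International\Geo"
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


def suricata_rule(cfg, sid=9000001):
    """Outbound-to-C2 rule; ip_address() rejects a malformed extracted address."""
    ip = ipaddress.ip_address(cfg["c2"])
    return (f'alert tcp $HOME_NET any -> {ip} {cfg["port"]} '
            f'(msg:"Meduza Stealer build {cfg["build_name"]} C2"; '
            f'flow:to_server,established; reference:sha256,{SHA256}; '
            f'sid:{sid}; rev:1;)')


def grabber_limit_bytes(cfg):
    """1.048576e+06 is exactly 1 MiB; return it as an integer byte count."""
    return int(cfg["grabber_max_size"])


@dataclass
class Event:
    pid: int
    image: str   # executable backing the process
    kind: str    # reg_read | reg_enum | net_connect | file_delete
    target: str


# Constructed events: PID 4242 mirrors the report, PID 5151 is a benign inventory tool.
SAMPLE_EVENTS = [
    Event(4242, r"C:\Users\victim\Downloads\sample.exe", "reg_read", GEO_KEY + r"\Nation"),
    Event(4242, r"C:\Users\victim\Downloads\sample.exe", "reg_enum", UNINSTALL_KEY),
    Event(4242, r"C:\Users\victim\Downloads\sample.exe", "net_connect", "109.107.181.162:15666"),
    Event(4242, r"C:\Users\victim\Downloads\sample.exe", "file_delete", r"C:\Users\victim\Downloads\sample.exe"),
    Event(5151, r"C:\Program Files\Inventory\agent.exe", "reg_enum", UNINSTALL_KEY),
    Event(5151, r"C:\Program Files\Inventory\agent.exe", "net_connect", "203.0.113.10:443"),
]


def behaviours_by_pid(events, cfg):
    """Map each PID to the set of reported behaviours seen in its events."""
    c2 = f'{cfg["c2"]}:{cfg["port"]}'
    hits = {}
    for ev in events:
        found = hits.setdefault(ev.pid, set())
        target = ev.target.lower()
        if ev.kind == "reg_read" and target.startswith(GEO_KEY.lower()):
            found.add("geofence_check")
        elif ev.kind == "reg_enum" and target == UNINSTALL_KEY.lower():
            found.add("software_enum")
        elif ev.kind == "net_connect" and ev.target == c2:
            found.add("c2_connect")
        elif ev.kind == "file_delete" and target == ev.image.lower():
            found.add("self_delete")  # the self_destruct: true behaviour
    return hits


def verdicts(events, cfg):
    """True for a PID that contacted the C2 or showed the full behaviour chain.

    Uninstall-key enumeration on its own is routine for inventory software, so
    without a network IOC match the chain (geofence check + software
    enumeration + self-deletion) is required before a process is flagged.
    """
    chain = {"geofence_check", "software_enum", "self_delete"}
    return {pid: ("c2_connect" in found) or chain <= found
            for pid, found in behaviours_by_pid(events, cfg).items()}


if __name__ == "__main__":
    print(suricata_rule(MEDUZA_CONFIG))
    print(grabber_limit_bytes(MEDUZA_CONFIG))
    print(verdicts(SAMPLE_EVENTS, MEDUZA_CONFIG))
```

The network rule is the cheap, high-confidence signal; the behaviour chain exists for hosts where the C2 address has rotated, which is why the example insists on the geofence and self-deletion steps before it flags a process that merely reads the Uninstall key.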
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555), 1 hit: Credentials from Web Browsers (T1555.003), 1 hit
- Unsecured Credentials (T1552), 1 hit: Credentials In Files (T1552.001), 1 hit