General

  • Target

    CryptoRipperreFUDpack1.7z

  • Size

    24.4MB

  • Sample

    241123-vhtn4svkdq

  • MD5

    970da18c0ac98e9fa2a96ef1d816e586

  • SHA1

    294fed6118f8737c4f0b654497581497300b9c3f

  • SHA256

    ec41dc11de92db5fd53bfb863828338d2e8de2ed03434d44f38be3dbec66ff6b

  • SHA512

    a1c15ac15adc2e0790a67686ca080296cdca696cf581f037a5c97f0921f7c8651bbb674b8985b2e709a0b0c0c7a9f6c072edf28ac3a065696caafffdd2e8227a

  • SSDEEP

    786432:0Z3xzt3GEOFJAmYRFc0H2ZKyJioHyOm5JyOArYp1ciw:s3xzYE0GmwFc0ryJinOm5P4b

Malware Config

Targets

    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/COAddin.dll

    • Size

      14KB

    • MD5

      8358c3e6094d2dbcf3be231cb98acb1d

    • SHA1

      ec2087871410999fc5408c895a6a7c1e7cdfae6c

    • SHA256

      bf46435ab49c324f9b8f7127357ad3b294c4b970985957cfe35c810f53ce2b79

    • SHA512

      b6194c25a4b68c5cf99fc908fb1f36a2905799fbf75de26bc62a7dcb875a466ee22bef1534f14ae46f187b8f4fbbaec70d43be3795f2462d6219d823ef1d286c

    • SSDEEP

      384:KBvYxvABoq96uXDFcgZkoO0mRH5z5kht:KiK5nZkPhKt

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.chm

    • Size

      812KB

    • MD5

      a444d1418acc12ef2828a1f70e93f6ff

    • SHA1

      b73bb3fc0fa75038f1d10f8f29a95d88d1d5edb8

    • SHA256

      a1f64fa4835b87a6eded7d46944278f7f9a5455a9eae5b314890afedbcc24119

    • SHA512

      5198ba91e782f0ad52deb46950680bff36a1e6a922d49bee0b55fd82e32f0cb3068eceb3550a00435a566c30b30151829cb8cc034efda9419f9245f8c658e2b4

    • SSDEEP

      24576:ZXH0fRSDIUpZru/nd+XKDPSr/WjzjpOgG+ae:ZkfRoZru/nAXKjWGXpOx+ae

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/CryptoObfuscator.exe

    • Size

      8.2MB

    • MD5

      40685b8b533fdf3a2f5f14645e402cf4

    • SHA1

      b375c9244ad48e6cf16a9c192efe6493d2fc54ff

    • SHA256

      022873192bac963ae24e25c63e04b3255f8b6fe38954579ec9825e80281236c6

    • SHA512

      62da313ee13f738076cad1c38207927f7353994d595d64d8ce10aea5c717a35f8e3badce8801634642f80be2ae2e8fc6b11142aac67b6ff24cf8b414e3cbaaa8

    • SSDEEP

      196608:tRfDUvCtuFwVgaTEPRHNRtNcAFAPdMCId/7kBHg1sZwOau0XC7wyViSuCUy9hWhm:tRfAatuF2dE/dcaAPdTId/WssZ2o3ViK

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceCS/Service.asmx

    • Size

      142B

    • MD5

      698fffae4c2cca21365d068106c624ce

    • SHA1

      c363b6510bee0a5b3f1e0708ceb6decc71e84b81

    • SHA256

      50893a3939afc8488a729f1870da260fa03b0a32a4b2e0fb77f681b745999fe1

    • SHA512

      f4d3a58865d0033d74f81249de41440837b8344a7c069d6aa0d9157b7903f946c079deddd7e492dd50284a5f567f3f0aa2b5ba8a550ac60def2ec233f183b4fe

    Score
    3/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/ExceptionReportingService.vb

    • Size

      3KB

    • MD5

      f76e66e50c0619f5732e77d5fdb8dcee

    • SHA1

      eddb7d1b0e2c4de6d824eeeff4f84c2764e8ef63

    • SHA256

      94c4902e52a62913f40f33269ad7eabbd2af319a76011502266eb72bd2fbc82e

    • SHA512

      04adf75e45c744a7cc4031e5ae7433ecd89d6d589b35a473131dc0b91194377d5e3ab1e1b6eaba771c2355033aeb7533cd78408f724d7b071f6da70d9863e858

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/My Project/MyExtensions/MyWebExtension.vb

    • Size

      3KB

    • MD5

      1d7888ff92b1bdac79309c3f1f2b071d

    • SHA1

      5364e70a5c827148ec0269c6e929635aa1956d3c

    • SHA256

      3db084cc2211792c719267dfb3c0a5925fd56548c75c9b011e70c2da76bde169

    • SHA512

      35496a183ab938685afa7a0caf3fad9b3d357caf7eda37180ad89d3fac2ecaae9efe6fef85135a27e2db681e35946bef8401363eadae69bb9b7db250276c1d36

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/ExceptionReportingServiceVB/Service.asmx

    • Size

      142B

    • MD5

      8449e5ac285aa9e4a444a54c18cb6003

    • SHA1

      c875876b448ff5552d6d3ebbd5cfed1d30cf0950

    • SHA256

      ccd6f0de3c5d0ea2a58b6b1e43c6e61d53253d25c0be180e369b3684fb87e205

    • SHA512

      74bb6b170e7ff09f973841b775c9fdc5e14672535153e778b780b6be8ee07d11fd063649a5d3c525d282c8879f49c4a125d3cccf5782a5b2a19c821cb8f8bc51

    Score
    3/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReporting.SL.dll

    • Size

      10KB

    • MD5

      57497f0cfbac3bc47b2c09433b8873f5

    • SHA1

      fdf68594217446dcd98b5a2adba91fc089e3b732

    • SHA256

      3e315c35ce3139ca693c7ad060bf0fad0c7d4534581acbd5132ea60f497cff31

    • SHA512

      b263b76625e714e78db2488768cfb96ca29dabda26ad468175f0980766f7bd8d7f525f7e11e4b4579aead19c6e8e6d8e9d7f6588293852b121352dc7c1d177b7

    • SSDEEP

      192:couV0wmJoPyibzRHgj+UGP4UQYaJehnXPB5a:cogXyiblZUGPl4CnXna

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReporting.dll

    • Size

      17KB

    • MD5

      187ba2c4dacc888f902758161052e00f

    • SHA1

      64147bbce511912654760c27720415eb99d74f4b

    • SHA256

      66d38655b5eea1075c412b8f54b4c22fc5e9f79178a28ed28a141bb6d983be94

    • SHA512

      ecf28c9886467a1e9e698c4bf155f4a65d03c1c8c0f2add72478ce91df678d9c5bd5fb98a037584d20ca1647a5275d28bb44a790e5e399ff8ed4b67e92aab842

    • SSDEEP

      384:OySlZojqkoVV1o4BMQzsDff5V8kfq/7qLm4u5fHEz:OyTxpV8kf6t7Ho

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.CryptoObfuscator.ExceptionReportingService.dll

    • Size

      13KB

    • MD5

      9b8e6eb9144cd827a8e058abb7a03649

    • SHA1

      afdc658fad526ffed71c539b8a815fb2303d7e81

    • SHA256

      29c34f7c0e16a402f34ad4fbd0acd56c2121e6335cac3fabf785a803d107e087

    • SHA512

      be7c0e5110550c0a61e70a5afd2f6ddb3d85ec3fd37e0ac562e64ccd4a2f4c5533afb88f7c41631aee73800bb00e7a240b880ae6ab7d1441e38cfe0e48f3d59f

    • SSDEEP

      192:TymvLCkQAazooFwncrn/2nahhnnA1zqU7G+b1Y64ZhY6lJb25:TopAajFwcrn/ZxUDre7+5

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.Deobfuscator.dll

    • Size

      21KB

    • MD5

      0a4efca4effdc1936a60a78acdfd02c0

    • SHA1

      ac7c4cd28355b2334efc97ea83f4f4056b9df4a3

    • SHA256

      6d7fd85d43146a4a837490ab933f4e928d096f90c0232added12dfcf02f13171

    • SHA512

      3533c44e69a988ebd8c885ad4494102c2cdcf7bcf4b68ad980c60a63c0711be77031952753a525f2d33460bafaed055afd50478d6a6c3eb6df4a7b3258f0cb37

    • SSDEEP

      192:/oLsJxXlPqx0JBtGANtYZ6DgYisQV11KBllb8HbCZYenS645qCIVS9En4vUDD:usDX7FN3g1sMKBllIuSR5aiCcuD

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/LogicNP.NAntCryptoObfucatorTasks.dll

    • Size

      9KB

    • MD5

      1fe0939a21b8969bdbdd2e29b403b67e

    • SHA1

      48b7b1a22fe2dd1da45a902ba364e56c6735e82f

    • SHA256

      f8ab2edbcdcdab9abf6ae00b3c7cdfedc1deec14882dd9de0c223d03c58335d2

    • SHA512

      e783b8b5f80f8ac4615bd532a7c8ea899ba7170ffd5e565dabe1a8f64a5966ed4a346c652c43a6cee4fae67be775aa34ce99bf38c70e1bb602e5fdcda44429ba

    • SSDEEP

      192:pW7G8s6fL3dPxvXfKQRtb+70jymSu87T0drDddu1Ql1Q:pW7G8v3pxviAso+mSRTYDddu1L

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/MSBuildIntegration.dll

    • Size

      20KB

    • MD5

      88322b2c80d1f9784a253470a2b7955b

    • SHA1

      61502a165c094f138aa45493cbf0831cfa51db18

    • SHA256

      38c8f0f84d402b4b832b9bc5039e1ac698c65f5f9a35e4a47602d9d1c111e6df

    • SHA512

      74dcb071179635af760a00c3d4c24855013b21d1b537155a152bb07333eb7bf3836f6ed2037ca713c86b0d90711d6fb13a0ababfdace1026200d2067195b553c

    • SSDEEP

      384:xWxk4Hx1pXdGPTOvev6yMRuag1xQ6lT3JyFlFtPvmYpcL:xWxksx1Fd4mDyMRu11xQyiDhOY+

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AddCustomDataToReportDemo/AddCustomDataToReportDemo/Properties/Resources.Designer.cs

    • Size

      2KB

    • MD5

      c939efb95f44f41900ce14d297fae074

    • SHA1

      0b62430e5d6b16e93b7d904b33afc9e1c6793c6a

    • SHA256

      8391d26b2e0d01681bdd7e450492ae8ae6756e5645d33e998e689c03a2513003

    • SHA512

      47adc804f638cf90d7e6ed35ba2557508fcc70993a653ee875f85c8c8d40b959cdfd693c34a42d649752fdab154afdd8f605689707d27e166e4c0cb701d1c8ee

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AddCustomDataToReportDemo/AddCustomDataToReportDemo/Properties/Resources.resx

    • Size

      5KB

    • MD5

      0cd8c971317d19bbed44757809bcb92b

    • SHA1

      47b15748ecc8e952c5935170090db7c269ce4b4f

    • SHA256

      66b5ebd1b0fc73f041ba669ce2184f6f471d5e3524efa34ca31233e9f5395262

    • SHA512

      883dba84bf7daae3ea49f9d54c13dda4f125da82ba63f90eeba0900602896ad9492a0adf7b69b67d838034090af20926af5c2934797afaadb38aa069786c1fc6

    • SSDEEP

      96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT200qSdvabvDIwQBugqvA:KjrbLPD9sLvIzSvKgIqUEa2

    Score
    1/10
    • Target

      Crypto Ripper + reFUD pack/Crypto Obfuscator For .Net 2013/Samples/ExceptionReporting/C#/AttachFilesToExceptionReportDemo/AttachFilesToExceptionReportDemo/Properties/Resources.Designer.cs

    • Size

      2KB

    • MD5

      421628a04e47053010b8177beab445fd

    • SHA1

      0d04341d8b13fada1a6954198d4ee46653dbab5a

    • SHA256

      5532ff1ac0c8967de295b0f72068fb3938d44b673eeebea00d6f822c31d63357

    • SHA512

      096b4fc3c45da1e1544bb1a57f5836c94d7e8fc670469eb99a488527cd30b022409216fe9739919f68c5b96c9891805ce5e952d7706dcb573548f0c0cce33705

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

vmprotect, blankgrabber
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

persistence, privilege_escalation
Score
7/10

behavioral6

persistence, privilege_escalation
Score
7/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10