Overview
Resubmissions
Submitted: 20/02/2025, 14:15
Sample ID: 250220-rkw1gawran

General
Target: Velocity (1).7z
Size: 280.9MB
Sample: 250220-rkw1gawran
MD5: ddd76a3c9d42e64261a6369463305779
SHA1: 3edcae24eaab3fe14e4a6a84937ebb9733fa1eac
SHA256: b662290de96c568fc32720e4862e8eb5da8bc47096c8b66599d51072a5db4ae8
SHA512: c6e4a8f86c40401941330219c620160955f3d1b1efecfa7e3f70c77b85204af10beb76d0d2cbb4840e1b890ddf6d48173db9c9112411fd286795acb73f9110cb
SSDEEP: 6291456:hEa5oguevRaJwacAbRiXZvuo0j7nNh9kEC7cQ13VC29a0Ic/:WarRa2acDZwj7NhmECzCkJ
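The report identifies the archive and each dropped component by MD5, SHA1, SHA256 and SHA512. The following is an added example (not sandbox tooling and not code from the analysed sample) of how a responder would check files on hand against that table: all four digests are computed in one pass so a 280.9MB archive is read once, and a match is reported as "full" only when every algorithm the table lists agrees; a "partial" match (one digest agrees, another does not) points at a transcription error or at different bytes colliding on a weak hash and deserves a second look. The IOC_TABLE entries are copied from this report; the SAMPLE bytes are constructed so the example runs offline.

```python
"""One-pass multi-digest hashing and IOC matching against the hashes
listed in this report. Added example; not part of the report or sample."""
import hashlib
import sys
from typing import Dict, Iterable, List, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the report for the archive and the flagged executable.
IOC_TABLE: Dict[str, Dict[str, str]] = {
    "Velocity (1).7z": {
        "md5": "ddd76a3c9d42e64261a6369463305779",
        "sha1": "3edcae24eaab3fe14e4a6a84937ebb9733fa1eac",
        "sha256": "b662290de96c568fc32720e4862e8eb5da8bc47096c8b66599d51072a5db4ae8",
    },
    "net8.0-windows10.0.26100.0/Velocity.exe": {
        "md5": "9792add6ee65934b6a03cc1605ea098b",
        "sha1": "966c698fe9cf94f27876a87192ec7f9ba487dfef",
        "sha256": "575a5ee1eb56e433e4402beef8e4c2ae66a84cb181d22ed4f35fe6d65eec5a1e",
    },
}

# Constructed stand-in for a file under review; not the real sample bytes.
SAMPLE = b"constructed placeholder bytes, not the Velocity archive"


def multi_digest(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in 1 MiB chunks; large archives never load whole."""
    with open(path, "rb") as f:
        return multi_digest(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str],
               table: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (target, verdict) pairs. 'full' means every algorithm the table
    lists for that target agrees with the computed digest; 'partial' means at
    least one agrees and at least one disagrees, which should be investigated
    rather than trusted."""
    results = []
    for target, known in table.items():
        common = [a for a in known if a in digests]
        hits = [a for a in common if known[a].lower() == digests[a].lower()]
        if not hits:
            continue
        results.append((target, "full" if len(hits) == len(common) else "partial"))
    return results


if __name__ == "__main__":
    # Usage: python ioc_hash.py <file>; falls back to the constructed SAMPLE.
    d = digest_file(sys.argv[1]) if len(sys.argv) > 1 else multi_digest([SAMPLE])
    for name in ALGOS:
        print(f"{name.upper()}: {d[name]}")
    print("matches:", match_iocs(d, IOC_TABLE) or "none")
```

SSDEEP is deliberately left out: it needs the ssdeep library and a similarity threshold rather than an equality check, so it belongs in a separate fuzzy-match step.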
Tasks
static1: static task
behavioral1: behavioral task, sample Velocity (1).7z, resource win10ltsc2021-20250218-en
behavioral2: behavioral task, sample Velocity (1).7z, resource win11-20250217-en
behavioral3: behavioral task, sample net8.0-windows10.0.26100.0/Bin/Roblox.dll, resource win10ltsc2021-20250217-en
behavioral4: behavioral task, sample net8.0-windows10.0.26100.0/Bin/Roblox.dll, resource win11-20250217-en
behavioral5: behavioral task, sample net8.0-windows10.0.26100.0/Velocity.exe, resource win10ltsc2021-20250218-en
behavioral6: behavioral task, sample net8.0-windows10.0.26100.0/Velocity.exe, resource win11-20250218-en
behavioral7: behavioral task, sample net8.0-windows10.0.26100.0/Velocity.dll.config, resource win10ltsc2021-20250217-en
behavioral8: behavioral task, sample net8.0-windows10.0.26100.0/Velocity.dll.config, resource win11-20250217-en
behavioral9: behavioral task, sample net8.0-windows10.0.26100.0/Velocity.exe, resource win10ltsc2021-20250217-en
Malware Config

Targets

Target: Velocity (1).7z
Size: 280.9MB
Hashes: as listed under General above (MD5 ddd76a3c9d42e64261a6369463305779, SHA256 b662290de96c568fc32720e4862e8eb5da8bc47096c8b66599d51072a5db4ae8)
Score: 7/10
Signatures:
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
Target: net8.0-windows10.0.26100.0/Bin/Roblox.dll
Size: 2.7MB
MD5: 3df9ab5a093b30181d06309ef4bc7fb6
SHA1: fade0a6b1fc408a51d5f120ef6f672795bb37cf6
SHA256: b4a7c9bf0cfcbee41b683b6f2b887b92522a45d72b08465849b852b529043293
SHA512: 524e88e6414bc8fd61bf34a1b282e17d77bc40eb5a76e3a5c8fad42bf32d595ad73e9f745a1c0a23439829cccfaf9bed8c8ce647ae6915333377dedc3ecf9317
SSDEEP: 49152:nqET+KzKfBdL/ctK3vEjJzotiGawI6OS8h1iiydSKIwGgHnMOU7:LFEnvPYwIrS8h1TydSKIwEf
Score: 1/10
Target: net8.0-windows10.0.26100.0/Velocity.dll
Size: 180KB
MD5: 2ca855104c17addc37579bb97e797830
SHA1: 5e8cfd85c3af87df58309877998a0fc141ffc5e9
SHA256: 1cd022f27a031a1328a825555d4b2fa38d391bbd14a4bae5dbaa853748eff51a
SHA512: 5e8da0918c489989cdac0332698832390dead824269c0b29d54120cadea5ec38d79c317c9c16bb3b715b1c817d12d63d0d4714910793c25998e4f1f367687c4b
SSDEEP: 3072:PmL+QbRxchWJ7ugWd//X0FTGDvdV79vZp3MeJKxlf00LLUsBSkANbs3QV+XRxx/Y:ZSw4iguv0FTGLMw0MsBSXZsAV+XRj
Score: 1/10
Target: net8.0-windows10.0.26100.0/Velocity.dll.config
Size: 1KB
MD5: 5b5d39393c3a7a56b679e5268d04bbd8
SHA1: 977311624996250c992dcd1980ec4fb89b8f07b2
SHA256: dc5183d05ba53475ede31db2d07e6ae11974028cf4f8ec73fe80a1bd4f3b25a8
SHA512: ecc3664cdca78f9729b74174e875ea66ab5ab8b94a7e8f620577c1d7fe63b455080e54843861afbb2e5c92969aa084481026cc3962873eeb1b0d017b10e3d51d
Score: 3/10
Target: net8.0-windows10.0.26100.0/Velocity.exe
Size: 140KB
MD5: 9792add6ee65934b6a03cc1605ea098b
SHA1: 966c698fe9cf94f27876a87192ec7f9ba487dfef
SHA256: 575a5ee1eb56e433e4402beef8e4c2ae66a84cb181d22ed4f35fe6d65eec5a1e
SHA512: a25c8eb359a7ab52151547fcdbac1ffa41aa25ca854a2d77e70683be8e324905b05f5193cfe11fefe8b19c434e7be8bf72ab7e160a7beb827a2f60b04df8c816
SSDEEP: 3072:3jK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOrhBu5:3jK4TDUqgpqWDLZ5H+xuZ048hA
Signatures:
- Meduza Stealer payload
- Meduza family
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
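Both the archive and Velocity.exe carry the same pair of registry-read signatures: a country-code lookup (geofence) and a system-information read (sandbox detection). The following is an added example, not sandbox code and not the sample's code, of turning that pair into detection logic over registry-query telemetry: it normalises the hive prefix (\REGISTRY\USER\<SID>\..., HKCU\..., HKEY_CURRENT_USER\... all occur in practice), tallies which indicator keys each process read, and flags only processes that performed both probes, since each key on its own is read by plenty of legitimate software. The indicator key paths are the usual locations these checks hit and are assumptions, not keys quoted by this report; the EVENTS list is constructed, not sandbox output.

```python
"""Pair-of-probes detector for the geofence and sandbox-check registry reads
named in this report. Added example; indicator keys are assumptions."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Mapping, Set

# Assumed indicator keys, matched case-insensitively as substrings after the
# hive prefix is stripped. Geo\Nation holds the configured country code.
GEOFENCE_KEYS = (
    r"Control Panel\International\Geo\Nation",
    r"Control Panel\International\Locale",
)
# Assumed: manufacturer/product and BIOS strings are what VM checks read.
SYSINFO_KEYS = (
    r"SYSTEM\CurrentControlSet\Control\SystemInformation",
    r"HARDWARE\DESCRIPTION\System\BIOS",
)

Event = Mapping[str, object]


def _normalise(path: str) -> str:
    """Drop the hive spelling so one indicator matches every telemetry source."""
    path = re.sub(r"^\\REGISTRY\\(USER|MACHINE)\\(S-1-5-[\d-]+\\)?", "", path, flags=re.I)
    path = re.sub(r"^(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE|HKCU|HKLM)\\", "", path, flags=re.I)
    return path.lower()


def _matches(path: str, indicators) -> bool:
    norm = _normalise(path)
    return any(ind.lower() in norm for ind in indicators)


def classify(events: Iterable[Event]) -> Dict[str, Dict[str, Set[str]]]:
    """Per image name, the raw paths that hit each indicator group.
    Only read operations count; writes and key creation are a different signal."""
    per_proc: Dict[str, Dict[str, Set[str]]] = defaultdict(
        lambda: {"geofence": set(), "sysinfo": set()})
    for ev in events:
        if not str(ev.get("op", "")).lower().startswith("regquery"):
            continue
        path, image = str(ev["path"]), str(ev["image"])
        if _matches(path, GEOFENCE_KEYS):
            per_proc[image]["geofence"].add(path)
        if _matches(path, SYSINFO_KEYS):
            per_proc[image]["sysinfo"].add(path)
    return dict(per_proc)


def flag(events: Iterable[Event]) -> List[str]:
    """Images that performed both probes, sorted for stable output."""
    return sorted(img for img, hits in classify(events).items()
                  if hits["geofence"] and hits["sysinfo"])


# Constructed registry-query trace (not from the sandbox). explorer.exe reads
# the locale as part of normal operation and must not be flagged.
EVENTS = [
    {"pid": 4120, "image": "Velocity.exe", "op": "RegQueryValue",
     "path": r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": "Velocity.exe", "op": "RegQueryValue",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation\SystemManufacturer"},
    {"pid": 1776, "image": "explorer.exe", "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\International\Locale"},
    {"pid": 4120, "image": "Velocity.exe", "op": "RegSetValue",
     "path": r"HKCU\Software\Velocity\Run"},  # a write; ignored by design
]

if __name__ == "__main__":
    for image, hits in classify(EVENTS).items():
        print(image, {k: sorted(v) for k, v in hits.items()})
    print("flagged:", flag(EVENTS))
```

This needs a telemetry source that records registry reads, such as a sandbox API trace or the kernel registry ETW provider; Sysmon's registry events cover key create/delete, value set and rename only, so the detector will not fire on Sysmon data alone. Corroborate a hit with the report's other signatures (dropped EXE executed, dropped DLL loaded) before treating it as more than a weak indicator.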