meduza

User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

Sharing

Copy URL

Twitter E-mail

General

Target

WeChatSetup.exe
Size

213.9MB
Sample

240316-mgtzgsba96
MD5

f532bf00404c7e1c85cf0beea77a8087
SHA1

2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01
SHA256

f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686
SHA512

660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab
SSDEEP

6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS

Score

10^/10

Malware Config

Targets

- Target
  
  WeChatSetup.exe
- Size
  
  213.9MB
- MD5
  
  f532bf00404c7e1c85cf0beea77a8087
- SHA1
  
  2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01
- SHA256
  
  f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686
- SHA512
  
  660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab
- SSDEEP
  
  6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  492KB
- MD5
  
  633625aa3be670a515fa87ff3a566d90
- SHA1
  
  de035c083125aef5df0a55c153ef6cc4dd4c15b4
- SHA256
  
  bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1
- SHA512
  
  3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9
- SSDEEP
  
  12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  ca332bb753b0775d5e806e236ddcec55
- SHA1
  
  f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
- SHA256
  
  df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
- SHA512
  
  2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
- SSDEEP
  
  192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/WeChatInstallDll.dll
- Size
  
  3.6MB
- MD5
  
  2acb0c1f4f388e1dd5be9a01c9593185
- SHA1
  
  4700a4c989ef847f0bf39c907d08968003ec5942
- SHA256
  
  749fb2d7f65cfad8928a842d1103c22dab3239296472947798504b15858422ba
- SHA512
  
  fcba0b51326ead208db123c17118c452082fdcff9379328c5b4c0825d4039de80932cab8c38a2b7f95955907ce1a92bba4021e7e48bab7988991088cf7189f7b
- SSDEEP
  
  49152:OGHSauEm8jA+ZojaXvP3WW43XOYlZiz2yNyc0yfgWFbxq/WPyZuTJGeXMK+u80e8:OGHSabb7ZB/P2l+0yfgO0/FZPeV+d03
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsInstallAssist.dll
- Size
  
  192KB
- MD5
  
  28b411f3793dbcb81d6f3d3b0527cdba
- SHA1
  
  7614310be1231850e811a818f58ee8b54ae9ceaf
- SHA256
  
  0281e384c94cad29fd8279c1855f671c2dd1f7772cf5645f573dd1df2b3bd127
- SHA512
  
  e5c9f21e9838eca54a8ededb1bf279453e116b6cde629a75ad057b6438deec6bcacf6e27a81c8aa0fc732f26dc28cee7a006ba6d68c08846b92937e388349d78
- SSDEEP
  
  3072:tYglJRVqBh6wpVwGs5m5tEA346FO5F3zyY7IZGptOq5LSx/tcDa:FdqBhbWCuFpyq5SXya
Score

3^/10
behavioral10 behavioral9
- Target
  
  Uninstall.exe
- Size
  
  1.7MB
- MD5
  
  65a8d4d556099f4a62b3ab141034f38e
- SHA1
  
  38d2ee2b7a2c363cd99ab46d03fab2b87ff00d9e
- SHA256
  
  caff82547f14b0afff408cd83625321ad00c5145d9086e7f5c74c6ca10899f54
- SHA512
  
  f3ad2c0fb2d78551f6a65cbd4aae6a3ea5f3653e4456ec9fb4aa36ab299fffe9712acb3da91b272f9cef7f2d7216e38a9685d9179bf72f6f9cae6cebc5d8f8f5
- SSDEEP
  
  24576:0GTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdD:FI2G0oWMIoVljGG3aqmQkk9OOpt
Score

4^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  492KB
- MD5
  
  633625aa3be670a515fa87ff3a566d90
- SHA1
  
  de035c083125aef5df0a55c153ef6cc4dd4c15b4
- SHA256
  
  bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1
- SHA512
  
  3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9
- SSDEEP
  
  12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  ca332bb753b0775d5e806e236ddcec55
- SHA1
  
  f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
- SHA256
  
  df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
- SHA512
  
  2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
- SSDEEP
  
  192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/WeChatInstallDll.dll
- Size
  
  3.6MB
- MD5
  
  91153d3fc0b835b072aeebc4d8837faf
- SHA1
  
  1e1e524be7c69077229973e385c447d9692ad937
- SHA256
  
  a7971bce47584535e9033f9d72d8f6f386c7d8deef3b93e11de50cf9574f7413
- SHA512
  
  2b49c6d701cc6f0d25a81258dcec2159ab3ea30389d18aadcc486c540f5daf6adedf998def1bf5c5fb4a5712755dbca710387c862a89138b23ec081682e835ec
- SSDEEP
  
  49152:IBTaBlUSRRWRgyuHaLF12pv55EW4AXO/hPsQIYmSXyfgY2YBlWPRGtTLJMK+u8GJ:IBTaBzIguwv/ShTXyfgClmG13+dTW
Score

1^/10
behavioral17 behavioral18
- Target
  
  WeChat.exe
- Size
  
  644KB
- MD5
  
  66eb21741ecfc2a8a53a24d65ec7a40a
- SHA1
  
  6d70532a0b9a1012da004bb78461fff8d9845253
- SHA256
  
  64cd27f902fdf3e74c2ed74f7640ec000441ef46daffa20416da582e751b18a8
- SHA512
  
  47289021ab9543a30a2ab647f42619cba048be9c03f4b8c6fbc888bb7167c0cd8868e482114874c0b6c8f02dc48b6e87d22b1c4f04e53a0d20b62897199955be
- SSDEEP
  
  6144:GYEMF2LJ65kzLpKhlD24mjLrTeXivA29PR7YK:GYEtLJ65kzLpA1VOr9J/N
Score

10^/10

meduza evasion stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral19 behavioral20
- Target
  
  WechatAppLauncher.exe
- Size
  
  612KB
- MD5
  
  08e35f062f4ab4583e683360fda618c9
- SHA1
  
  69278dd8903ab811e5475d3cbe3ffa64f337fc96
- SHA256
  
  19ba49900886740468c8b42c3137554a72348cb9c7f197283ea05998313ab667
- SHA512
  
  14380cea0ec17daf79395cb36866b0cb44a05dcc1e1a21198817b20f949841ece07e7c17b0a91c1a35d2e97cb853e9842d1efda5fc235fb2d3404a7ae3c01e9f
- SSDEEP
  
  6144:1M3AikYL7twGMx4s0eBRWZp2QGnvY4lgNt:1CAi3Y9VBgZp0vH6Nt
Score

1^/10
behavioral21 behavioral22
- Target
  
  [3.9.9.43]/ConfSdk.dll
- Size
  
  1.3MB
- MD5
  
  b469a62b38b18869c3146b16652f7cad
- SHA1
  
  eba667eae4e894f9fbf1d67fde6665349480d27f
- SHA256
  
  cf6e5dd1dbd3e1963279aa5120adb2fb544817c3f74a2819ccbaa3c27773ffc6
- SHA512
  
  a5502bc2e09f218d3948fffe70e71cc7ec654e031f71357a78f06077a567b5a06d10879e2b1f4d4c96a4b56ea777e762ded457f33260c1f1f8f0a6718710141d
- SSDEEP
  
  24576:Y3Yptx6ZMFT8wnorDnD0ADl6dWmHc240YGr0fJIp:YjSFt46dWmR4zGrd
Score

1^/10
behavioral23 behavioral24
- Target
  
  host/wmpf_host_export.dll
- Size
  
  1.8MB
- MD5
  
  557263e28dc6c1416cea8b43a9a47282
- SHA1
  
  bb2306ef4e99dc0b10aa8ab51bb2872ed2a5d45a
- SHA256
  
  d40ebacc2c08b72aa48dbe613ef2bc4cfe65bf0fcd63254239308fc4ae0eb226
- SHA512
  
  b8fd24c566d770a452ecb5d227ccfe2ae8afc37d1c797d064adda63ec34a606c3ac882b2a366e4828c5c4869e249e2cf9dd9852185d63da9ff4bfc6c71c3d686
- SSDEEP
  
  24576:e+JpOhdC4YyHBU8p4aolR7esO2YgdlnL6tO/MbcTuMilTfYR01Is0B2o5pvy82+f:kC4YyHBP4DesjgsYOmP0B1i+
Score

1^/10
behavioral25 behavioral26
- Target
  
  host/wmpf_host_export_x64.dll
- Size
  
  2.2MB
- MD5
  
  e479c9b7f445f62e512dca0b671fddba
- SHA1
  
  20a0df44d91a5e3b9bb8e422946f343d4f82df61
- SHA256
  
  c9c85a4136cfd3a06cf15d1fa59e0ae0343cab03986bec5cf4456402d8eb3b3c
- SHA512
  
  0a1606ec5a794f1c1b4b28e3161cc142999d09f4bc8ffbd241b4c42bba562048a0653857ae1b2f70cde6691e7ce4b78a2201fbf540c3ca4c64a4f64d7887b1fe
- SSDEEP
  
  49152:nQPPNAKvIm0DEcv5Qx5XBPo7BxBZGY4R24FmwK74vSeTtc:mcDEcvuqP4rzK70TO
Score

1^/10
behavioral27 behavioral28
- Target
  
  runtime/ComponentVerification.dll
- Size
  
  179KB
- MD5
  
  2d39b287fc2e07a9f26620c5173b41b8
- SHA1
  
  5cb471dea1a7087f5b6735ff8f43f9f27d32a061
- SHA256
  
  28e883c76d68de23f0a2aaaaf8458e490c54d6874e33594b8fbf7e44f099270b
- SHA512
  
  6e37dfa78c40ce8fd58edf237cf26c4d100f19970fdda8c0cb2cb95718ebba284c1e1ea481335f8270b9ecf015757f206b74de6c83a5c7e409e89b214abb064c
- SSDEEP
  
  3072:KdnhUaZ90uRBfBFS2AFtKccB5n0piJMYbomgXuxlT4y:Kh3BZFF6t9c3nK6Oy
Score

1^/10
behavioral29 behavioral30
- Target
  
  runtime/ConfSdk.dll
- Size
  
  1.2MB
- MD5
  
  c21a0198c2c75b325b8fd1233ba6984e
- SHA1
  
  fc0442083b7c165b97efb8018cffa0c78ac50a8c
- SHA256
  
  f9c904746a447a25f2e7815448e69a5c29dd2c207962df208916d3e52e2ae888
- SHA512
  
  d34a74715ef8c86b05b8802882a77265d71249f00fa4e9b850322465747fda2fce8e6a56bd1aed3ec99ef5957cb192e487f51fb0c575bc07fc7b532e783be0e3
- SSDEEP
  
  24576:ND9Yx6VsUPUN3onEeV47fI+jF5Sw9Y3Cj+j+xb:NKgwagQMF5Sf3oL
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

User tags

Sharing

General

Malware Config

Targets

Meduza Stealer payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32