meduza | 0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d | Triage

Submit
Reports

Overview

overview

Static

static

3

0f8b8e2945...9d.exe

windows7-x64

0f8b8e2945...9d.exe

windows10-2004-x64

Sharing

General

Target

0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d.exe
Size

4.1MB
Sample

240405-bd52ssgd33
MD5

c3e44b324eb2145c756c3e5de7b4defb
SHA1

150238e4629d6941f95d1ab7a6e84897e5bbabd9
SHA256

0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d
SHA512

2776571ddd9b023b8452c2e892505607a83aab44c88031e440cb6e099e48d3f22e488c640e662086a83cf7801c23f24547d00e3010cae2cf2111e912a2618047
SSDEEP

49152:xXmM3+IVJiicn3HpKoQyvf7+MsgFYengla6MuBWcywgSzLXduCtr8U:KdVjnaJ8dwWTwgSlf

Score

10^/10

meduza collection stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d.exe

Resource

win7-20240221-en

meduza collection stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d.exe

Resource

win10v2004-20231215-en

meduza collection stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

5.182.86.229

Targets

- Target
  
  0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d.exe
- Size
  
  4.1MB
- MD5
  
  c3e44b324eb2145c756c3e5de7b4defb
- SHA1
  
  150238e4629d6941f95d1ab7a6e84897e5bbabd9
- SHA256
  
  0f8b8e294577598a477970e3e2ac5b5a1bda0b90aacb61eca90b2b1cb80a119d
- SHA512
  
  2776571ddd9b023b8452c2e892505607a83aab44c88031e440cb6e099e48d3f22e488c640e662086a83cf7801c23f24547d00e3010cae2cf2111e912a2618047
- SSDEEP
  
  49152:xXmM3+IVJiicn3HpKoQyvf7+MsgFYengla6MuBWcywgSzLXduCtr8U:KdVjnaJ8dwWTwgSlf
Score

10^/10

meduza collection stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzacollectionstealer

behavioral2

meduzacollectionstealer

© 2018-2025

Terms | Privacy