General

  • Target

    79a4957f909897760a7424a0c3f249b1363cd39ebdbcbee84b25b696bd6a3dce

  • Size

    260KB

  • Sample

    240405-ez2haace92

  • MD5

    002ba1e8dc8600a717a2550fef8df45f

  • SHA1

    91a1a7f2841c06abd49baf6fada4ef2c1880fd8b

  • SHA256

    79a4957f909897760a7424a0c3f249b1363cd39ebdbcbee84b25b696bd6a3dce

  • SHA512

    be287d44e022fc2244c7cf01d63aa3514627f18dba83d60eee0e53537a1a5eabd682d3ea736f37abbaad1cff877b37dc37aeb27cd69cceeab80f4e1d54348b3a

  • SSDEEP

    6144:4VfSVckR+Cqkv35wRHl3+FsO+Y40lIUcuaRnT:GqVBR+MvpwNluFsTSI6gT

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    185.172.128.90

    5.42.65.64

  • Attributes

    url_path: /advdlc.php

Extracted

  • Family

    meduza

  • C2

    5.182.86.229

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext