meduza | 39409db2a70039e2cc325529debbb9179981287e4e9a259c1ff3b45c1ca9e0f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

6d70465792...77.exe

windows10-2004-x64

Sharing

General

Target

6d704657924328cb2dd07aef0bdb8777.exe
Size

14.5MB
Sample

240408-thc6padd72
MD5

6d704657924328cb2dd07aef0bdb8777
SHA1

b61098798c23791490e459899b3e52948e85b857
SHA256

39409db2a70039e2cc325529debbb9179981287e4e9a259c1ff3b45c1ca9e0f4
SHA512

4eb13f851f99a9105ff8386ea0c74b056a10b111c9393ebe4a93ac92c9fa16a24a641e954951b8cbf54d7bf9af2deee605e845b2d954584019eeba95d2b6d407
SSDEEP

393216:DnZ4GTlYjEYCz35SfXCJdzbSJpnYrkVy/+YrzT43DG9UlpC:d4GyjJaJB/U9MkV8Dn43D0UlpC

Score

10^/10

meduza purelogstealer zgrat collection persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6d704657924328cb2dd07aef0bdb8777.exe

Resource

win10v2004-20240226-en

meduza purelogstealer zgrat collection persistence rat stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

109.107.181.83

Targets

- Target
  
  6d704657924328cb2dd07aef0bdb8777.exe
- Size
  
  14.5MB
- MD5
  
  6d704657924328cb2dd07aef0bdb8777
- SHA1
  
  b61098798c23791490e459899b3e52948e85b857
- SHA256
  
  39409db2a70039e2cc325529debbb9179981287e4e9a259c1ff3b45c1ca9e0f4
- SHA512
  
  4eb13f851f99a9105ff8386ea0c74b056a10b111c9393ebe4a93ac92c9fa16a24a641e954951b8cbf54d7bf9af2deee605e845b2d954584019eeba95d2b6d407
- SSDEEP
  
  393216:DnZ4GTlYjEYCz35SfXCJdzbSJpnYrkVy/+YrzT43DG9UlpC:d4GyjJaJB/U9MkV8Dn43D0UlpC
Score

10^/10

meduza purelogstealer zgrat collection persistence rat stealer
- Detect ZGRat V1
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
  stealer purelogstealer
- PureLog Stealer payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzapurelogstealerzgratcollectionpersistenceratstealer

© 2018-2025

Terms | Privacy