General
-
Target
e43b76667963ad1cdf1f1603a1a67b79.bin
-
Size
6.5MB
-
Sample
240410-cc49jsbf98
-
MD5
0dd8a03099a92360d0ea039b8ddb0aa4
-
SHA1
1d1c39580ac3540c46785d93479b165d7768e2a7
-
SHA256
b6fd35c7fd3a7c45dd4a3e0b044ff23b9eeab75137731ebb8c0385c71d21d1e2
-
SHA512
6c17dce85f6622ad41280c810cd06e519fa59fb9203d8f9ddbe417e428c6d59c74aecc4dffb4f43876736acc084f30dfaaac5ad8b2cffc329e9fedd23c0fad96
-
SSDEEP
98304:eUKN3quegGd5pbMuczQFmeh1YDtwB8r8FaRFGN7dn0QF7qa6A9euOvBowOgCylR:eU4qngiODzUmeh5KmI0eutwR
Malware Config
Extracted
meduza
109.107.181.83
Targets
-
-
Target
cf3102636a070178cf575bc0e870fda7aa32d94dd6000d46de7205d064b0bd40.exe
-
Size
6.6MB
-
MD5
e43b76667963ad1cdf1f1603a1a67b79
-
SHA1
a091aad8999eb8c9b833091044b6d7a0a89e4a4e
-
SHA256
cf3102636a070178cf575bc0e870fda7aa32d94dd6000d46de7205d064b0bd40
-
SHA512
d14c1e47759b176bff29bd2b50ff6abec4714cebc94b3408cb0ee4cecafa290212aac9ca3a5849a1bc4efbea50b9a50fe5d59d465b3245ebca34457a57a1abf1
-
SSDEEP
196608:SAERid74MOMmrcKlW17Lv3+btkw0NBIdA8gkt8sYg:SA8idEMmrHlW1fWJtFBv
Score10/10-
Detect ZGRat V1
-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
PureLog Stealer
PureLog Stealer is an infostealer written in C#.
-
PureLog Stealer payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-