meduza | 3984-4901-0x0000000140000000-0x00000001400DA000-memory[.]dmp | Triage

Sharing

General

Target

3984-4901-0x0000000140000000-0x00000001400DA000-memory.dmp
Size

872KB
MD5

0e82e24ca4fa6103ed3c732e3868cffa
SHA1

6f43cd190175b65c6a7ef0332320461dcf759fac
SHA256

93a8efe348c4ca8a2eaa2b91da256d7df3677bac6c9f46f6b27b0f62e8717fad
SHA512

de853ea5ef9bcd1b91db374a05e339abdf4109200193cda68f78782f7cf4a2124e62ac3388e4b81451b0a1715da6f83e3e38352b3e124d479bb6643dd9f7d8b6
SSDEEP

24576:N59vM9zB8huRx/W9QkhaEfX1Cu5/XsrXKbRVCNfjjmS:NPM9zB8huRx/AdnflH5vsDASD

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

109.107.181.83

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3984-4901-0x0000000140000000-0x00000001400DA000-memory.dmp

Files

3984-4901-0x0000000140000000-0x00000001400DA000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ