General

  • Target

    6a0c9fe08e3f92c11471799549045786

  • Size

    14.5MB

  • Sample

    240416-rhq2faca42

  • MD5

    6a0c9fe08e3f92c11471799549045786

  • SHA1

    4c7c9d650d666812901fcda6d439d1b7880c3f8e

  • SHA256

    ce3e5610916383ef51874b86926f2fb5a21637f08ef1cadcefa1f67c578c449f

  • SHA512

    193f8da564dbb7765ccbfb89a6c2331579ce038e060e03cee65e3d0d4f9fc39586b8541eb0f1cc5275ad7ffc9b5e0f732b2f3956eeed6995a224e9df83b23a20

  • SSDEEP

    393216:V/EAY8agqiFPY4Scoa6AX2z7QL6PFSnGoCwE:9PY8Bc4kxAGzMVGoCwE

Malware Config

Extracted

Family

meduza

C2

109.107.181.83

Targets

    • Target

      responsibilityleadpro/responsibilityleadpro.exe

    • Size

      14.6MB

    • MD5

      7efdb8104be2cb54cb77ee615d9c6197

    • SHA1

      f937e4c7ce6151d2a662f180420ab8e6ac654ac5

    • SHA256

      40c251a8afb49d3b567a370e67ca7861a4cc2008c7deef39c3739284c1b7e3e8

    • SHA512

      77fc43b3e3b89bba626735e7dbc6129bfead17a430bffc61eee861bb6edfb477db74f6f646bad04de360f512fb6676e27cf739812fa628b308592a42295aded6

    • SSDEEP

      393216:sHCoIgksmCvTUu++OqYW1cVXWLkbl+L+QU+:4BIgLSu65W2V+1yQU+

    • Detect ZGRat V1

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
