meduza | 3148cfb653836bf50c141cc59904eb2df60e59ecc548d00ecd4925a49fe51658 | Triage

Submit
Reports

Overview

overview

Static

static

3

b20de9452f...be.exe

windows7-x64

b20de9452f...be.exe

windows10-2004-x64

Sharing

General

Target

7cf0ba422c37585d399e4dffb0b7757c.bin
Size

6.5MB
Sample

240418-bwst7afc29
MD5

28c71937244877980b0ee02e301a97b6
SHA1

683cac34cc1472ecb111c527c8a92d173b683042
SHA256

3148cfb653836bf50c141cc59904eb2df60e59ecc548d00ecd4925a49fe51658
SHA512

3412777f446d9e00b4e15ab6b6c306930dfbe27ecbfce298629c901e89b7ac2515cbf035af35bc07bbb56e69ef4a2bde717771d771c4e95a84b137927d8a3d17
SSDEEP

196608:c9dCaSU/FMAW4zg2UD78lob5XNJibrNnElsmEcgx:c/Cp4OAW4Avzb1NJibrNnElpgx

Score

10^/10

meduza zgrat collection rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b20de9452f77b912c49bd307cc1e2550abb4e17d8497655e64ed0883ce4cfcbe.exe

Resource

win7-20240220-en

meduza zgrat collection rat stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b20de9452f77b912c49bd307cc1e2550abb4e17d8497655e64ed0883ce4cfcbe.exe

Resource

win10v2004-20240412-en

meduza zgrat collection rat stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

109.107.181.83

Targets

- Target
  
  b20de9452f77b912c49bd307cc1e2550abb4e17d8497655e64ed0883ce4cfcbe.exe
- Size
  
  6.6MB
- MD5
  
  7cf0ba422c37585d399e4dffb0b7757c
- SHA1
  
  d7b1b39ccdb9287edbae0aa9496ab1d678a4780b
- SHA256
  
  b20de9452f77b912c49bd307cc1e2550abb4e17d8497655e64ed0883ce4cfcbe
- SHA512
  
  f28f438298954bdabfeb8848dcafe35e074b1750c32e9f01268e41ced8a2acac3e298159b85f159e9c9d4814f73ce2b89c1d8a8afc4a7a2ab30c2258dc3237c1
- SSDEEP
  
  196608:2UU5u4Ef30GhXdLPLPCiZMwVnvrgDK+Sshs:Z6FEvHdHC2M8vlEs
Score

10^/10

meduza zgrat collection rat stealer
- Detect ZGRat V1
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzazgratcollectionratstealer

behavioral2

meduzazgratcollectionratstealer

© 2018-2024

Terms | Privacy