General
Target: tmp
Size: 157KB
Sample: 240419-tkesashe41
MD5: 5790d1417f8f00bd7ec6fb7011c79d9c
SHA1: 36076ed9457c45d94e664ea291eb01e5c70d084b
SHA256: ad07503bc046f5b3d65eb61646fa826bc39560916c6e1ef2c3437b6465b30a82
SHA512: b19195510624ad16a4730282c97b68d05e4890a33d91f86f24eaf921e23e7786649e4e31aaaec2d9d6c7bb3695c615851d7aed3e53b13083e03acbc8d0543ef0
SSDEEP: 3072:XahKyd2n31D5GWp1icKAArDZz4N9GhbkrNEk1eT:XahOfp0yN90QEB
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: meduza, 109.107.181.83
Targets
Target: tmp (157KB; hashes as listed under General)
Score: 10/10
- Detect ZGRat V1
- Meduza Stealer payload
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext