General
-
Target
leadiadequatepro.exe
-
Size
14.1MB
-
Sample
240515-n4d28agd65
-
MD5
b149f82964b1e269ade2686612a9e777
-
SHA1
9ccccc1fe6c947dcbc779624ffa9a0fd1b7e7790
-
SHA256
9f2c70239fe518552ee44423564b075a85e0fc1e7bd80dc233bcc1f882ffceb9
-
SHA512
5c07589d51c21310415fb2fd616ac6fe23b1ec7e26007b6a3d2ce948bcbc3613db14bbc5686f5f352fb614cea00b3af657d1d6a9e2a078c3487d345d145ec2c9
-
SSDEEP
393216:FwI5aqRbG66MMgLaDArf6tY5yParKZwVgIZlds:FwSHLyMytYYP8KZwKI
Static task
static1
Behavioral task
behavioral1
Sample
leadiadequatepro.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
meduza
109.107.181.83
Targets
-
-
Target
leadiadequatepro.exe
-
Size
14.1MB
-
MD5
b149f82964b1e269ade2686612a9e777
-
SHA1
9ccccc1fe6c947dcbc779624ffa9a0fd1b7e7790
-
SHA256
9f2c70239fe518552ee44423564b075a85e0fc1e7bd80dc233bcc1f882ffceb9
-
SHA512
5c07589d51c21310415fb2fd616ac6fe23b1ec7e26007b6a3d2ce948bcbc3613db14bbc5686f5f352fb614cea00b3af657d1d6a9e2a078c3487d345d145ec2c9
-
SSDEEP
393216:FwI5aqRbG66MMgLaDArf6tY5yParKZwVgIZlds:FwSHLyMytYYP8KZwKI
Score10/10-
Detect ZGRat V1
-
Meduza Stealer payload
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-