Overview

overview

10

Static

static

3

73171634ce...a7.exe

windows7-x64

10

73171634ce...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-05-2024 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73171634ceb5c5007cf78a6f32d6633590830f39f4e5311a4f323a4d44975ca7.exe

  • Size

    710KB

  • MD5

    a56e3df8626cce4f50fe2aeb701143b9

  • SHA1

    cb2299427c7331e58d7835594bfd457bbb33cdd5

  • SHA256

    73171634ceb5c5007cf78a6f32d6633590830f39f4e5311a4f323a4d44975ca7

  • SHA512

    b77c808a9159e73e5dd06006e262c9bd514c95b835046aed9a8ea32360c8075e81b5def9e9dad4c6e3000e561051362e17e98c77065bf282e1e937ed1947c043

  • SSDEEP

    12288:YdZxe/23RX91E/6dMz4PZoQPYitmenbxaR8TFTmXlLJgog1v8e8:G+8R32wMz4PzMCxa6T4XluR

Score
10/10
meduzaspywarestealer

Malware Config

Extracted

Family

meduza

C2

77.105.147.172

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\Users\Admin\AppData\Local\Temp\73171634ceb5c5007cf78a6f32d6633590830f39f4e5311a4f323a4d44975ca7.exe
    "C:\Users\Admin\AppData\Local\Temp\73171634ceb5c5007cf78a6f32d6633590830f39f4e5311a4f323a4d44975ca7.exe"
    1⤵
    • Checks computer location settings
    PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2372-0-0x0000000140000000-0x00000001400B6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2372-16-0x0000000140000000-0x00000001400B6000-memory.dmp

    Filesize

    728KB

    Download