Overview

overview

10

Static

static

10

Medusa.exe

windows7-x64

10

Medusa.exe

windows10-2004-x64

10

Resubmissions

25-06-2024 22:00

240625-1w1x8swcnh 10

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Medusa.exe

  • Size

    78KB

  • MD5

    5b4483e4d0d5d3c245509d44f6ede105

  • SHA1

    7f55b3ff41fa5a810e44d74b79f5bf3953882707

  • SHA256

    379449b8c2d0053cea2aa786cf2ad6e3cd61e67793ac5b68be77358360b0ce42

  • SHA512

    14066a18f5439efc767cecd347b658679ba39fc7135bcbe6f3c731ceb38ce614788015391df1ed2fcdda9233d2a655156126d298e94d7479ccfb99028fb2012a

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score
10/10
discordratpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNDEwODc0MjM5Njg3MDczNw.Gw9Kyr.z1zBnV1wCUwvnB-hn8vkxiW22uEX8O5oY4F9Qk

  • server_id

    1204106853043273729

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Medusa.exe
    "C:\Users\Admin\AppData\Local\Temp\Medusa.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1524

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1524-1-0x00007FF899AA3000-0x00007FF899AA5000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1524-0-0x000001910BA00000-0x000001910BA18000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1524-2-0x0000019125F50000-0x0000019126112000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1524-3-0x00007FF899AA0000-0x00007FF89A561000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1524-4-0x0000019126750000-0x0000019126C78000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1524-5-0x00007FF899AA3000-0x00007FF899AA5000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1524-6-0x00007FF899AA0000-0x00007FF89A561000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1524-7-0x0000019126280000-0x000001912628E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1524-8-0x0000019126370000-0x000001912663A000-memory.dmp
    Filesize

    2.8MB

    Download