meduza | 114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323

Analysis

max time kernel
48s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 10:48

Target

114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323.exe
Size

1.2MB
MD5

ef95411945330db1907508d38bc373ac
SHA1

7bb8d57cb26f3927bd741db598254efd72f249c4
SHA256

114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323
SHA512

2ca5709cae5f19b9e95b80df91d00cdc81522f41c5be7070434df8edb25f80f4c1d1704f8db7824f6cae0bb81e4cd1c987d58749a56853a1a5da65542ab2bc8c
SSDEEP

24576:snz6dSHy7DXstIVWn4etKUBYWPezgW8Ns:8zf5N4qKUGWP9W8

Score

10^/10

meduza stealer

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1348-0-0x00000255C1CF0000-0x00000255C1DD9000-memory.dmp	family_meduza

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

54 api.ipify.org
55 api.ipify.org

flow	ioc
54	api.ipify.org
55	api.ipify.org

C:\Users\Admin\AppData\Local\Temp\114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323.exe
"C:\Users\Admin\AppData\Local\Temp\114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323.exe"
1⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3044

memory/1348-0-0x00000255C1CF0000-0x00000255C1DD9000-memory.dmp

Filesize
932KB

Download