meduza | 643dde3f461907a94f145b3cd8fe37dbad63aec85a4e5ed759fe843b9214a8d2 | Triage

Sharing

General

Target

mr_0x0003B03B43F6EE12.exe
Size

2.1MB
Sample

240709-s8kg1s1cml
MD5

0468a32ad1ed1169e98b897d87f51164
SHA1

0d9dc54a5f91e6ed7d324c2a65b152a168d57b08
SHA256

643dde3f461907a94f145b3cd8fe37dbad63aec85a4e5ed759fe843b9214a8d2
SHA512

7deb90629608f3a227e96d948bbb4c78ad21e1eb659bfdab903d4f25bdb1e6c8af7edec9604274aa745dd90f8253e48fbccf661f2bc2b6609e5b8807645750ca
SSDEEP

24576:GQZEhAybJ37KtuUZ786qGbAJYhIRKPS0dJDhrI4ufnLVVx90e+7ym:WAC3a78sIRSGVV8V5

Score

10^/10

meduza collection discovery spyware stealer

Malware Config

Extracted

Family

meduza

C2

5.42.107.78

Targets

- Target
  
  mr_0x0003B03B43F6EE12.exe
- Size
  
  2.1MB
- MD5
  
  0468a32ad1ed1169e98b897d87f51164
- SHA1
  
  0d9dc54a5f91e6ed7d324c2a65b152a168d57b08
- SHA256
  
  643dde3f461907a94f145b3cd8fe37dbad63aec85a4e5ed759fe843b9214a8d2
- SHA512
  
  7deb90629608f3a227e96d948bbb4c78ad21e1eb659bfdab903d4f25bdb1e6c8af7edec9604274aa745dd90f8253e48fbccf661f2bc2b6609e5b8807645750ca
- SSDEEP
  
  24576:GQZEhAybJ37KtuUZ786qGbAJYhIRKPS0dJDhrI4ufnLVVx90e+7ym:WAC3a78sIRSGVV8V5
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

meduzacollectiondiscoveryspywarestealer