General
-
Target
responsibilityleadpro.exe
-
Size
2.5MB
-
Sample
240726-jcy6vsthmq
-
MD5
7ec668c3b4c15673fba630de189fb498
-
SHA1
374c51e20c296bcf6de38c069617576d947a6044
-
SHA256
2a8a340fc9c395fe23211ac95d124b64452d49c67b069f53aaf3dbe16e95791d
-
SHA512
8999cdbd5bd744f5b933e412d98bf190f81a42ce005aa22da66d0007dab781c6d1a70eb70ceadbbf2cdb43e93186e00c751a75eb27701cf46f9c67504dde770a
-
SSDEEP
49152:RAhSsz4fvLn4bJphafC8WzffFP30EaInD0Qy:U3zffFMEaCD0
Malware Config
Targets
-
-
Target
responsibilityleadpro.exe
-
Size
2.5MB
-
MD5
7ec668c3b4c15673fba630de189fb498
-
SHA1
374c51e20c296bcf6de38c069617576d947a6044
-
SHA256
2a8a340fc9c395fe23211ac95d124b64452d49c67b069f53aaf3dbe16e95791d
-
SHA512
8999cdbd5bd744f5b933e412d98bf190f81a42ce005aa22da66d0007dab781c6d1a70eb70ceadbbf2cdb43e93186e00c751a75eb27701cf46f9c67504dde770a
-
SSDEEP
49152:RAhSsz4fvLn4bJphafC8WzffFP30EaInD0Qy:U3zffFMEaCD0
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-