General
-
Target
3d3c1a44e0ba95c13717557f65bda9aeb3078e875243fd9a94bedc416de2b2fd
-
Size
770KB
-
Sample
240726-k9nl3ayepp
-
MD5
0416386f22054cd697c2b7802cdb9fbf
-
SHA1
5a3a0e08b1dad7bb234cedf1e335ebfd63bd0632
-
SHA256
3d3c1a44e0ba95c13717557f65bda9aeb3078e875243fd9a94bedc416de2b2fd
-
SHA512
145a09019a4954990638d0d6753b1f41a33c665f8805e321ae716a06d0522eeb43c4637eeece025e8dca09cd27d24aa61cc2a6554f42a03260453fc204476a85
-
SSDEEP
12288:+LyyNrbuZ5qjz6089c0tXTzS3N0mHNubwR/LOBHa2pfNgPFLf+HjR4E4hHsE:KyyNravqQ99C3amtuwYHa2JOF84hHX
Malware Config
Targets
-
-
Target
114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323.exe
-
Size
1.2MB
-
MD5
ef95411945330db1907508d38bc373ac
-
SHA1
7bb8d57cb26f3927bd741db598254efd72f249c4
-
SHA256
114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323
-
SHA512
2ca5709cae5f19b9e95b80df91d00cdc81522f41c5be7070434df8edb25f80f4c1d1704f8db7824f6cae0bb81e4cd1c987d58749a56853a1a5da65542ab2bc8c
-
SSDEEP
24576:snz6dSHy7DXstIVWn4etKUBYWPezgW8Ns:8zf5N4qKUGWP9W8
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-