meduza | 208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e

Sharing

Copy URL

Twitter E-mail

General

Target

208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e
Size

2.5MB
MD5

855764cbf6f0e6040cfa93a12f638b64
SHA1

9ed2f99039ac0cab2d3346219927100f469ab9fa
SHA256

208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e
SHA512

d02cbeafeab0635b14914f8439b52fbf96932c091eac43304a472fd11c265feb8c5680fd8de52d8bf178a07c1876a0758690c99864e5b2314aa932b204f131ae
SSDEEP

49152:jf51JoDG+evjXRGAsgO5BxJAsk1GNaNW/vffUYKcUl8uQc/4rai:B+95HJe1W/vffVKNl8uQcUZ

Score

10^/10

meduza

Malware Config

Signatures

Meduza Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_meduza
Meduza family
meduza

resource	yara_rule
sample	family_meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e

Files

208cf6b8c728eb97c9347ee014dbc3dabfc13445531a2c6f27883fd38f3bd02e
.exe windows:6 windows x64 arch:x64

c7335434a81d108cff313dcdc8606579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlA
InternetReadFile
InternetOpenA

rstrtmgr

RmEndSession
RmGetList
RmRegisterResources
RmStartSession

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
NtQueryObject

crypt32

CryptUnprotectData

ws2_32

WSAStartup
socket
WSACleanup
htons
inet_addr
connect
send
closesocket

kernel32

GetFileInformationByHandleEx
InitializeCriticalSectionEx
GetComputerNameA
GetLastError
GlobalMemoryStatusEx
GetModuleHandleW
GetProcAddress
GetNativeSystemInfo
GetProductInfo
GetModuleFileNameA
GetUserGeoID
GetGeoInfoA
DecodePointer
DeleteCriticalSection
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetProcessId
GetModuleHandleA
OpenProcess
GetFinalPathNameByHandleA
CloseHandle
GetFileSize
SetFilePointer
ReadFile
GetSystemInfo
WideCharToMultiByte
LocalFree
ExitProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
VirtualAlloc
VirtualProtect
VirtualQuery
WriteFile
OutputDebugStringW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEndOfFile
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
CreateFileW
AreFileApisANSI
LCMapStringEx
CompareStringEx
RaiseException
GetTimeZoneInformation
GetFileAttributesExW
FindFirstFileW
GetLocaleInfoEx
FormatMessageA

user32

GetSystemMetrics
UnregisterClassW
GetDC
EnumDisplayDevicesW
ReleaseDC

gdi32

BitBlt
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteDC
GetObjectW

advapi32

RegQueryValueExA
RegOpenKeyExA
GetCurrentHwProfileW
RegCloseKey

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree
CreateStreamOnHGlobal

shlwapi

ord184
ord214
ord213

gdiplus

GdipGetImageEncodersSize
GdiplusShutdown
GdipFree
GdipCloneImage
GdipAlloc
GdiplusStartup
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromScan0

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 694KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7335434a81d108cff313dcdc8606579

Headers

DLL Characteristics

File Characteristics

Imports

wininet

rstrtmgr

ntdll

crypt32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 694KB - Virtual size: 793KB

.pdata Size: 69KB - Virtual size: 69KB

.reloc Size: 173KB - Virtual size: 172KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 694KB - Virtual size: 793KB

.pdata
Size: 69KB - Virtual size: 69KB

.reloc
Size: 173KB - Virtual size: 172KB