Extracted

• • Target

    24c2b60c0ac34c1b84028a28baec5d70N.exe

  • Size

    7.2MB

  • MD5

    24c2b60c0ac34c1b84028a28baec5d70

  • SHA1

    b0e6630bcd94fcc6de37b034adf2e7515bb776c7

  • SHA256

    455cd0db2de92ee348295780f8fc7a32a5406a5986a4d162761680f11b6346b1

  • SHA512

    7e689b7ca0db405529951e4277a6c8463d356229d2a73d1674fdca585142b1d07a34528bb4a1b7a5ef3272b1d767d17a3065015e02cbc69b9eabcbcb7a282447

  • SSDEEP

    49152:X2Xnu7QcKy/gBwdq1p//GSmgZIzdLTB1O7:X2XnyQch/+CSmgZIBL91O7

  Score

  10^/10

  meduzacollectiondiscoverypersistencespywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2