General
-
Target
8ddf88965ab1fd9eadc5968e54519b6c9b41f726f285407a1af655c72fc119be
-
Size
2.0MB
-
Sample
240826-smx6zszhlg
-
MD5
5b4fdb19963fce2e64fc0890df5346d4
-
SHA1
2cc3d3e389537b5b3591d857050548e282e61000
-
SHA256
8ddf88965ab1fd9eadc5968e54519b6c9b41f726f285407a1af655c72fc119be
-
SHA512
f29bbee8917669cb806a68d51ff4101aa8852b05d430f15d5342dab39e496cf9f16f92df7860655189ec72529f68e57bd1cf9d5b6dde72914c9ff6f97f1bc308
-
SSDEEP
49152:mTTFQGBE4R87o04gyxMkJZVRamAcHLx2ZfA+JqIfREQBw:mn6GO4UojgWJbX+A+b
Malware Config
Targets
-
-
Target
8ddf88965ab1fd9eadc5968e54519b6c9b41f726f285407a1af655c72fc119be
-
Size
2.0MB
-
MD5
5b4fdb19963fce2e64fc0890df5346d4
-
SHA1
2cc3d3e389537b5b3591d857050548e282e61000
-
SHA256
8ddf88965ab1fd9eadc5968e54519b6c9b41f726f285407a1af655c72fc119be
-
SHA512
f29bbee8917669cb806a68d51ff4101aa8852b05d430f15d5342dab39e496cf9f16f92df7860655189ec72529f68e57bd1cf9d5b6dde72914c9ff6f97f1bc308
-
SSDEEP
49152:mTTFQGBE4R87o04gyxMkJZVRamAcHLx2ZfA+JqIfREQBw:mn6GO4UojgWJbX+A+b
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1