meduza | 4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb
Size

1.1MB
Sample

240826-tgn7kasejh
MD5

edcf54af80b2e95213811c8ddf962fdb
SHA1

bc4c5cc5abf7b1eeca77c22063f84a155b77c6e7
SHA256

4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb
SHA512

4672ee1f72d71b3e2b4498b3e888671c1e8293e2f6e214195e0188b66b9bb50619e7f37669191e53aa54b646e5ed424c6c3aa792d76cfc65735e7ddb08779cef
SSDEEP

24576:N+SV2awrjvJecHcMozsYfB84DZcmdAjM736leiUa1SIj9:cu2zrTfctewcwCEhDa1Sc

Score

10^/10

meduza credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb.exe

Resource

win10v2004-20240802-en

meduza credential_access discovery spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb.exe

Resource

win11-20240802-en

meduza credential_access discovery spyware stealer

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb
- Size
  
  1.1MB
- MD5
  
  edcf54af80b2e95213811c8ddf962fdb
- SHA1
  
  bc4c5cc5abf7b1eeca77c22063f84a155b77c6e7
- SHA256
  
  4b16b9168f582448d16e99701ac2350175a369004fe52367bb0fdd4fbf423efb
- SHA512
  
  4672ee1f72d71b3e2b4498b3e888671c1e8293e2f6e214195e0188b66b9bb50619e7f37669191e53aa54b646e5ed424c6c3aa792d76cfc65735e7ddb08779cef
- SSDEEP
  
  24576:N+SV2awrjvJecHcMozsYfB84DZcmdAjM736leiUa1SIj9:cu2zrTfctewcwCEhDa1Sc
Score

10^/10

meduza credential_access discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzacredential_accessdiscoveryspywarestealer

behavioral2

meduzacredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy