meduza | 5eb3bb67656d990ceec07f55c78dcd8032a7cf00ac919a399e3642b177f68381 | Triage

Sharing

General

Target

pclient.exe
Size

2.0MB
Sample

240908-remvlssdqb
MD5

8e68427d6c9966a3fedf712565728e84
SHA1

8b9acaf56b31c00ef02d9bb753280d2d6e2d4e41
SHA256

5eb3bb67656d990ceec07f55c78dcd8032a7cf00ac919a399e3642b177f68381
SHA512

d02185a42a600ebf0cc6ecbe31bc91cbf13df6c606614ac3edb7f5f73858dc7c2697a8ddd715e386365933364b638b50a27ba8a404825731873bf67c5e6aa491
SSDEEP

24576:ibAyYeAnUuZBAZrC+E+U8GyGRErnHQSs18hRyLclY88FWf0fQAvzAqMC7YfJu1XQ:ibYBnF7AFF6R8h3UzeowJysX

Score

10^/10

meduza collection discovery spyware stealer

Malware Config

Extracted

Family

meduza

C2

62.133.60.75

Targets

- Target
  
  pclient.exe
- Size
  
  2.0MB
- MD5
  
  8e68427d6c9966a3fedf712565728e84
- SHA1
  
  8b9acaf56b31c00ef02d9bb753280d2d6e2d4e41
- SHA256
  
  5eb3bb67656d990ceec07f55c78dcd8032a7cf00ac919a399e3642b177f68381
- SHA512
  
  d02185a42a600ebf0cc6ecbe31bc91cbf13df6c606614ac3edb7f5f73858dc7c2697a8ddd715e386365933364b638b50a27ba8a404825731873bf67c5e6aa491
- SSDEEP
  
  24576:ibAyYeAnUuZBAZrC+E+U8GyGRErnHQSs18hRyLclY88FWf0fQAvzAqMC7YfJu1XQ:ibYBnF7AFF6R8h3UzeowJysX
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzacollectiondiscoveryspywarestealer

behavioral2