General
-
Target
.vbs
-
Size
15KB
-
Sample
240909-vbvmts1dkh
-
MD5
ab1766e20f7dcd989dbe5178f79f1021
-
SHA1
13c6d022745280d08981a625ab810b0f0400a10c
-
SHA256
f3d1ba12a5642f65761296e6b5c32c5293864c8413c5fb31d2879b82ac11d298
-
SHA512
c2f4e3447566451551afcf87ccdf5fc2b6ac7af3d9f31b244c103efa40171d6f3c689ebdda7fdd3bb8a744c0d9a4979e86e1cd0a432a5867667f87a108a9963c
-
SSDEEP
192:X9Wmqq87qxnoIqCglHyGpItEBgGAoBgD4aM8PjQ97rMM0t/lTd7Ee82FPJQR0cG6:XEmqttNSuBQ2MLPj87OPJmxNSiMFpWB
Malware Config
Targets
-
-
Target
.vbs
-
Size
15KB
-
MD5
ab1766e20f7dcd989dbe5178f79f1021
-
SHA1
13c6d022745280d08981a625ab810b0f0400a10c
-
SHA256
f3d1ba12a5642f65761296e6b5c32c5293864c8413c5fb31d2879b82ac11d298
-
SHA512
c2f4e3447566451551afcf87ccdf5fc2b6ac7af3d9f31b244c103efa40171d6f3c689ebdda7fdd3bb8a744c0d9a4979e86e1cd0a432a5867667f87a108a9963c
-
SSDEEP
192:X9Wmqq87qxnoIqCglHyGpItEBgGAoBgD4aM8PjQ97rMM0t/lTd7Ee82FPJQR0cG6:XEmqttNSuBQ2MLPj87OPJmxNSiMFpWB
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1