meduza

Sharing

Copy URL

Twitter E-mail

General

Target

Solara_External.zip
Size

22.5MB
Sample

241001-cwdwpszgqc
MD5

2449d9a7279b8bbe715be8b0f0e4cae7
SHA1

eb562e1de39c4d92fa8d695a1952723b013a295b
SHA256

43abf0007f712220af5a5339aace99fb68929652bcacee4779c2f432220a15c4
SHA512

368f9e3ec15d7e786b247f2f26cecc0bef2490c1bc9b6fb464e385821369da3d19194aab5c988384635133133afeb6372ed4e85b25916a24d1ac25397230c3f1
SSDEEP

393216:eaG1uKsjU39YlLjDPNfK1QF8O0IeDYeXgj5yZRVSvdol0FTb0lF3vLRNt6:eaIuKsjU9YlTNCSeO0jD5gj50Svd0wT9

Score

10^/10

Malware Config

Extracted

Family

meduza

109.107.181.162

Targets

- Target
  
  Solara_External.zip
- Size
  
  22.5MB
- MD5
  
  2449d9a7279b8bbe715be8b0f0e4cae7
- SHA1
  
  eb562e1de39c4d92fa8d695a1952723b013a295b
- SHA256
  
  43abf0007f712220af5a5339aace99fb68929652bcacee4779c2f432220a15c4
- SHA512
  
  368f9e3ec15d7e786b247f2f26cecc0bef2490c1bc9b6fb464e385821369da3d19194aab5c988384635133133afeb6372ed4e85b25916a24d1ac25397230c3f1
- SSDEEP
  
  393216:eaG1uKsjU39YlLjDPNfK1QF8O0IeDYeXgj5yZRVSvdol0FTb0lF3vLRNt6:eaIuKsjU9YlTNCSeO0jD5gj50Svd0wT9
Score

1^/10
behavioral1 behavioral2
- Target
  
  CefSharp.BrowserSubprocess.Core.dll
- Size
  
  915KB
- MD5
  
  100c32f77e68a2ce962e1a28997567ea
- SHA1
  
  a80a1f4019b8d44df6b5833fb0c51b929fa79843
- SHA256
  
  c0b9e29b240d8328f2f9a29ca0298ca4d967a926f3174a3442c3730c00d5a926
- SHA512
  
  f95530ef439fa5c4e3bc02db249b6a76e9d56849816ead83c9cd9bcd49d3443ccb88651d829165c98a67af40b3ef02b922971114f29c5c735e662ca35c0fb6ed
- SSDEEP
  
  24576:PkwmtUw8kMmxuUjB7v/jFAGGUY9Wis0veKCZ2ZiVBhEDssQjPc8DnXoSiW+YfDxN:PrOer9Wis0veKCZ2ZiVBhEDssQjPc8DT
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  CefSharp.Core.dll
- Size
  
  898KB
- MD5
  
  1bb24b22d9bd996c038d26b600ed18a8
- SHA1
  
  c2629a8a26c9c0969501923f84874838087cca2b
- SHA256
  
  944b987a0b677d354e24ee15bba65f73b0f051338f576234a975a49493399873
- SHA512
  
  38578e0d1a39ccc9851ff80d3a0f5342a34303229e2898c3ca32dad11017d4277720f54b472c2f1a0b73f47d5ba6352aa7be8ae2ed72b3b25a01dd8292591421
- SSDEEP
  
  6144:f6tY8dWKH9OxlAADuyszmqcRePgvoMtkjmIfLtfTPxrnQGf4YsFZtFCiHF9/zZgl:fW9OJopjjtrJTA/4iHfbaRWt
Score

1^/10
behavioral5 behavioral6
- Target
  
  CefSharp.Wpf.dll
- Size
  
  114KB
- MD5
  
  ceaf0bad83fac8ce71853cd820e4ed9d
- SHA1
  
  4eed686fbba7d4603b596fb8e494b8f452a05886
- SHA256
  
  eaced1f76adb8ee756033baee29a47b1f4d4b657ebd105a7e25c8dc4fbc48cba
- SHA512
  
  4ed3f83e797eade8f0d1c6b80ce49d18f00daaf5d69421a4920e3cea2e7d78c3622193ca65b6ab1dab14c57e7f893a7b1edb27b83f343ea4df731d80aa21ff82
- SSDEEP
  
  3072:GtXa7DS3PzVafuE92oNf1VmVg1s0cOm5RpE:GtK7DS3PzVafuEUNVg1fI
Score

1^/10
behavioral7 behavioral8
- Target
  
  Solara.exe
- Size
  
  2.4MB
- MD5
  
  0deb8032eee2cfe15754044442b5bc28
- SHA1
  
  825e16d17ac482389804ff5f5f2165315411ab22
- SHA256
  
  80c7757f87925a24bc0e4225a753c2f3e3ce40ffc2c9d46f48581dab95a95f7c
- SHA512
  
  1abd0199a8cf036e5a122a860b067c3b2acdee4dc38c694a61c5b117d6de8ee775160e15ef0a8460a9fc8abc9e09b3ec1a9522aa26c4b8c92276dbbed22a2610
- SSDEEP
  
  49152:Mm3c8RgY8M2lBfNGy8Tt5nVzZTM3pyTsFmrLHch+HFNWSOxv5SOYb1QYH:V5y8Tt5rHsAbcg9Oxv5nS
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  bin/lz4.dll
- Size
  
  117KB
- MD5
  
  f7e2f224f8dbe22012c7ff20590b8770
- SHA1
  
  99775e038e306a2b5f73f6e7d8d42a5799ace824
- SHA256
  
  c62f829bc0f820bca6bf14b380b285a169cd1395df864bbec692f8ca31bc4e70
- SHA512
  
  96d2938cd77b48e4efdc7212a92327ac5ce43ad757fcff88eb5cbd3eb2fac1bbcaa2e119881f3cb902c634db8ef16e69146ebfe972ab0ecb2cf3b769e0818f89
- SSDEEP
  
  1536:FVP0R6tS1m4baJ1ocCcl+DBZD5C3gTg60bEior69ggjpA38Ajcqv:Fxy9bs1oTfBZDugTgpbEXh0A38AYk
Score

1^/10
behavioral11 behavioral12
- Target
  
  bin/wolfssl.dll
- Size
  
  1.2MB
- MD5
  
  a396ee8375252d04da31676fe1b3ff75
- SHA1
  
  57aee1e5b69a85d0e0b7d5a103ddb683f0204cce
- SHA256
  
  7dc3aeda7518abb376a6932583669e7e1595a656edeae65af1397807322e8a25
- SHA512
  
  ff755bed789869a8cc2adc05b7a3b234ef93997b1774cc719d506ce4dd03fcd0ed6d320a13d815e27a21ebdf99f3308ea47a8de6b9a25ca4eaa8fb4045fbb0db
- SSDEEP
  
  24576:yoCqsxtqSepCBr5fFrHodqht+tmiw9P9TsdJRV5Wodh8NHmoz:3CzASep0r5fFrHoUht+tU9TsrRV5WodE
Score

1^/10
behavioral13 behavioral14
- Target
  
  bin/xxhash.dll
- Size
  
  45KB
- MD5
  
  161bd3d60228dd16c54a927250af3e49
- SHA1
  
  463243c3cc2e0bca16f3ced2c3b70c13a0e97fa6
- SHA256
  
  ecb5aa2bf0ff355a7b36bb3a991264655e13e0f2c9e88b9dfa39d7fe4c5142a7
- SHA512
  
  3716ce34c1e9931007f374685a6588bc355e942872e7a42eaa4c5be9a0fdc93f081a1dc5c3d8fec4a4563dbd556f4d046f7bf3d50840c02d8aa822eaca7a577b
- SSDEEP
  
  768:I9otvM7DZ1LMDJdj+LVvgFlJus4zBOQdlyR0/A:I9UEDLMDJxKM0scUS
Score

1^/10
behavioral15 behavioral16
- Target
  
  bin/zlib1.dll
- Size
  
  87KB
- MD5
  
  f6fc96cfccdd9958a157546faa4c13a9
- SHA1
  
  ae8e4171a0583a761ae4428e5757daeedaf2a157
- SHA256
  
  231e29c228652e9d6504e608a1cc53311e762cd4c78deb7c9ef11bc27f13d3da
- SHA512
  
  fb983083b5c620616d2547a7903f8ebfd2ad52ed9bdde8264b6e555fb47644c488779d3ade52f5e601dbc31e67f40ea973f41f45af242790dc5d8a91c163c8dc
- SSDEEP
  
  1536:Q7wjHHWwn1rhEzjEp70E2thqlz4bqIOcIOZFkGnd02H:QcjH2w1EjEpIq6b4SZFfndjH
Score

1^/10
behavioral17 behavioral18
- Target
  
  bin/zstd.dll
- Size
  
  634KB
- MD5
  
  59c9f23830bfb7b4fdc81bbd1e719810
- SHA1
  
  e58049c836931a22768ce2e4502b3a856e2ecd18
- SHA256
  
  9c37186c40d01e0ed9a42846c66aba449be5fe6c2da18ef6794422b5fa2ff8eb
- SHA512
  
  b52f1d0e764159453ddebd70665c3a43c61e963651cf671db8994c74f2dd35dcfc79b2c4d19c5e8d6c8564c824285426c1ec651b02f1956d331447e9405212ff
- SSDEEP
  
  12288:iilkxK/S1adDEh1qMkUFZe8/pJcOAAqy:iilkb1adDEh1qMkYZe8/pJxAAZ
Score

1^/10
behavioral19 behavioral20
- Target
  
  d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  3b4647bcb9feb591c2c05d1a606ed988
- SHA1
  
  b42c59f96fb069fd49009dfd94550a7764e6c97c
- SHA256
  
  35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7
- SHA512
  
  00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50
- SSDEEP
  
  49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
Score

3^/10

discovery
behavioral21
- Target
  
  libEGL.dll
- Size
  
  359KB
- MD5
  
  7dd6b0e4a31d35a0fae5ff425707073c
- SHA1
  
  fbd12e9f8e2252c52ce555c2ebbd7f07e62a0140
- SHA256
  
  8762d8001fc3ddd90e3129dfea172817e8d09b9936eaae391957de4326c8c906
- SHA512
  
  726968df6b83ab5f589276672250d92f532fe2dcea2176e42031a7f1dcecf578b0320cfe2a7d88bb9883ad99387d71c6ebf1e9968272bb5e62850ef09abd2648
- SSDEEP
  
  6144:74otxiotonwSbWTbrTEHdyVwiCSH/gWqkEC/D789uOSna:soL3VCWTbrTEHdyZp6I
Score

3^/10

discovery
behavioral22
- Target
  
  libGLESv2.dll
- Size
  
  6.6MB
- MD5
  
  8803db5b167fb5a5f8a8c595c4e4d7c6
- SHA1
  
  7fde861151f3bea66c65b6c2487a30728048811a
- SHA256
  
  52a58d25a41f4bd31cdb4a0d306217862e04ebf7c1925cc85330054a5523d719
- SHA512
  
  2fa9a0eda221982896e41eb387b5e156198615ac1a1fbac0acffd13008919368b41a240df416c1fce2e48c20a14cd7af7cca9fba476ada5e64a0cadde84a44b7
- SSDEEP
  
  196608:JFvNls3ohV5o1VyUXAHi5oJI0bUlYLY8bVaex51Rf0ZaNWNdrR:LNl9ovXT5oJvb0gYuaez1Rf0Tdr
Score

3^/10

discovery
behavioral23