General
-
Target
1_seed-check.exe
-
Size
2.7MB
-
Sample
241001-xrdqcswaqn
-
MD5
fe8642ef05544492aa7bea74dd228442
-
SHA1
9cd835042a5feed668604d4f4aca415ff8af9532
-
SHA256
2ec5235af12345ee05668337a7607bcc4b28cf2409d006fbdf749c2ff6275e3b
-
SHA512
648155f46994ab9738ab8bcfc49f5bb4db35acde3ecfc324934dac2d4645446d1be04cd39ab014bd9071a8e7ffd38891c225b7330b1c71a702c60f8cb6d6d367
-
SSDEEP
49152:NPw34yFJzSdhPzD0mOd4606hU6HznKpHaeUGnVn641aibkcrh8A:q9mOd46GHaeUQhVp
Malware Config
Extracted
meduza
109.107.181.162
Targets
-
-
Target
1_seed-check.exe
-
Size
2.7MB
-
MD5
fe8642ef05544492aa7bea74dd228442
-
SHA1
9cd835042a5feed668604d4f4aca415ff8af9532
-
SHA256
2ec5235af12345ee05668337a7607bcc4b28cf2409d006fbdf749c2ff6275e3b
-
SHA512
648155f46994ab9738ab8bcfc49f5bb4db35acde3ecfc324934dac2d4645446d1be04cd39ab014bd9071a8e7ffd38891c225b7330b1c71a702c60f8cb6d6d367
-
SSDEEP
49152:NPw34yFJzSdhPzD0mOd4606hU6HznKpHaeUGnVn641aibkcrh8A:q9mOd46GHaeUQhVp
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1