Overview

overview

10

Static

static

3

NewsStatV2.dll

windows7-x64

1

NewsStatV2.dll

windows10-2004-x64

1

Setup.exe

windows7-x64

1

Setup.exe

windows10-2004-x64

10

p2pstate.dll

windows7-x64

1

p2pstate.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.zip

  • Size

    1.3MB

  • Sample

    241003-131aaasgqc

  • MD5

    05985f52b6aa68ae26e6c5cc4d9a671b

  • SHA1

    1282190b4dcd7e6c277cafb7bfd3535ca697e2d9

  • SHA256

    a16651c9afd3eda3a5f29c9be9d57c739bc8bb96b982761163e61b1bfd36d1ae

  • SHA512

    2175cdb9b2c8b7419fcfc363817fa0f53269d25d7d0b38f2d27f6fc1f59b7c341186b79c2347ea2cb9fe3a1f06094fbcc23f06d226f66a91ade5d1206db1f0a8

  • SSDEEP

    24576:Zmm7ot3urRHoBykevlYzH5RIosGBaTCYYea598ZsUE:Zmm7m3HAl4H5RdsMaTCVjbYc

Score
10/10
meduzacollectiondiscoveryspywarestealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Targets

    • Target

      NewsStatV2.DLL

    • Size

      12B

    • MD5

      dc72bdebf3016a463eb4e209af1aefe1

    • SHA1

      9bde7acc8b748a89daee4d756fa57ce3007e82a9

    • SHA256

      472e48643c0b957bb7c612448330f07ce0cb71e14541c6b0b9ce789bc82e91da

    • SHA512

      de6999ebc8dd931a4417c6861e36127a6b7caca1543f1db94eb90c3624045ee57398d2fb1a4841e0647ac0191ab41a04d6dc8642c7f1b888743a03a985c65ea5

    Score
    1/10
    behavioral1behavioral2

    • Target

      Setup.exe

    • Size

      1.7MB

    • MD5

      f1bca393ebf7d5de3fc6b0f3b2531a45

    • SHA1

      e6323fcf662fd477bb3145021495380d1f88d36f

    • SHA256

      c4722166ddccf45c4b8760f61326ab4c34c9fe5a4ae23b8c34195b728d19bac3

    • SHA512

      7aab0d2b4cd5608c5caaa8fefdbc39283722b05be9e7e8f0e05e8fbfdcf003d1a2ba0a3dd3afba21e7ad167a2ebbb0603db06d71b74f1dea769cf56082620280

    • SSDEEP

      49152:bK+/T/rL4gdI+QOoAhKgrqAwHsnxFP18:RQuLF

    Score
    10/10
    meduzacollectiondiscoveryspywarestealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      p2pstate.DLL

    • Size

      128KB

    • MD5

      d4a3019fba1509a1e1faf0115b512c84

    • SHA1

      cc85bc0017e4e20387c8dd0b1eaff31a5ddb473a

    • SHA256

      563062fd6c6a2a84ebe6e35e9bb045ef1bc240cdcd20dc557c1957e80ccf932c

    • SHA512

      1505c567b1333a02eea5a5356ec0878c87461c22272ea693e651040df59f0677f784248f67c8d5f293be25b746596112bfed61921d6e640887f0955aab23776c

    • SSDEEP

      1536:cdZTYMYIKPRhJjRn4udcdugdKBH0g01+gZrxtQQzQeWV9JhtgTKzMyLL/gB:ai7ImJjeudccg00gA+AxtErtZvLjY

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks