Extracted

• • Target

    WarzoneCheat.exe

  • Size

    2.5MB

  • MD5

    4f03dcb1e44a6b89d910cb4f41198172

  • SHA1

    4b14b8244f5cd389c20fba033823be6b489c854e

  • SHA256

    797b58eb15a41e4afea788e4bff6d0ebe57af68a9db7c06fff0420e8adb0da96

  • SHA512

    27a7a4acadaee21da7d80e08d62b898a8f9d9f3375f85ce6c72e4244b20b63f437c932cb6722a236effb128e6eae34e6f49851f4d6d033076d4c6aeb27147fe7

  • SSDEEP

    49152:pLIbv9GOcDhnSV/vwyTgoypdxxR6ch2CL04r+y/PioT8uNPqmQ0rFPYrxV:0LwyTgoIdL8YeuNSFl

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3behavioral4