meduza | 3412-6-0x0000000140000000-0x0000000140117000-memory[.]dmp | Triage

Sharing

General

Target

3412-6-0x0000000140000000-0x0000000140117000-memory.dmp
Size

1.1MB
MD5

c3b7243621a9c55ca86e1633ce899536
SHA1

1e219f4acd482e3e323b61647c25953ef5f44687
SHA256

30c25e901e3ac2ec4a772bd3241ca14263f7ea0cb030d2a6d45561d99ab3e283
SHA512

a05b97a3da1ba465e3a69640a78c2647178ff1a6c9b88683e83d4ed162debcaae8baa3f8e8b18c331afe3921de9394a6778d95b1c09283e6569fa587fde2364b
SSDEEP

24576:wTr3mqL8JdY6HTW3Qd9tzOpel1yd5Ls9lAIKPGxK:S3mqL8g6HTW32xWel1y7MAH+A

Score

10^/10

meduza

Malware Config

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3412-6-0x0000000140000000-0x0000000140117000-memory.dmp

Files

3412-6-0x0000000140000000-0x0000000140117000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 858KB - Virtual size: 858KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ