General
-
Target
5e066d1f0785de43a1324cb5f65be29f7ca0678d89857c8b5e8c71c74b92d8f1N
-
Size
1.2MB
-
Sample
241004-q7f24a1hma
-
MD5
84defb405b8763fca94d200a42cc0f20
-
SHA1
d2cccd1e2d038d55efbaa1caad28ea36340d4ad5
-
SHA256
5e066d1f0785de43a1324cb5f65be29f7ca0678d89857c8b5e8c71c74b92d8f1
-
SHA512
786f0c79d2a91895c5eb8b643132aa171620642d04a6bc4c9835543695937f0d1a378922d6accd748b43ac154959806b0588570be4e7ec2bb9096a5f9ba436c7
-
SSDEEP
24576:4tYuDxnwgvM2l+GQJzZV69cOSM79gkFVLlfV7srxq8hNVp9COX6eh/P:4tYYxnwe+JJzCSMm6lcz6
Malware Config
Extracted
meduza
109.107.181.162
Targets
-
-
Target
5e066d1f0785de43a1324cb5f65be29f7ca0678d89857c8b5e8c71c74b92d8f1N
-
Size
1.2MB
-
MD5
84defb405b8763fca94d200a42cc0f20
-
SHA1
d2cccd1e2d038d55efbaa1caad28ea36340d4ad5
-
SHA256
5e066d1f0785de43a1324cb5f65be29f7ca0678d89857c8b5e8c71c74b92d8f1
-
SHA512
786f0c79d2a91895c5eb8b643132aa171620642d04a6bc4c9835543695937f0d1a378922d6accd748b43ac154959806b0588570be4e7ec2bb9096a5f9ba436c7
-
SSDEEP
24576:4tYuDxnwgvM2l+GQJzZV69cOSM79gkFVLlfV7srxq8hNVp9COX6eh/P:4tYYxnwe+JJzCSMm6lcz6
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1