meduza | 4768-6-0x0000000140000000-0x000000014013B000-memory[.]dmp | Triage

Sharing

General

Target

4768-6-0x0000000140000000-0x000000014013B000-memory.dmp
Size

1.2MB
MD5

aebf419811b9ebc0e6674c118da2fba7
SHA1

391d0796b00a5edc15319dac642bdb51fc093d71
SHA256

895d7d33a5a06f95ff8a091aa7a9a4d70d382d424828d33235f4e4c1792bcaec
SHA512

80cf24e622ac844bc8fc154fcf1f1b4f476af8fce33c1cbb58f2812763a67e9339faea437dfa366154fcbfa452b3cce1eda6be5996dbcc7f6a3a22efa8a443d1
SSDEEP

24576:cPctq3/wGIlYtDk45U21iYCY02h0lhSMXlPyV1yjtI:Ycts/wGIlkB5U2kbn/

Score

10^/10

meduza

Malware Config

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4768-6-0x0000000140000000-0x000000014013B000-memory.dmp

Files

4768-6-0x0000000140000000-0x000000014013B000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ