General
-
Target
9c5a5fa983d27dafc21ff8164169ad7772e3c0c49b32d0c5346e1854ed1d2e32N
-
Size
1.7MB
-
Sample
241010-fbe5taxflb
-
MD5
b5d3547be863b719e29009f47f7d14a0
-
SHA1
b7abc61f2c9eb630d38ccea349acca5345939bf7
-
SHA256
9c5a5fa983d27dafc21ff8164169ad7772e3c0c49b32d0c5346e1854ed1d2e32
-
SHA512
d3673cb005da62455716ffba477da8c54a3b512a0d7d8edc07ae3b766faef817a2ed8badad036de89386e83c970f88f389a63e8b8d85086095cf860c2d7fa33b
-
SSDEEP
49152:3bo95a6iGYLWBjosANqicY0a3xdumAFMm6JhQk6pyJ:xWposANqieaXAFMth6p
Malware Config
Extracted
meduza
109.107.181.162
-
anti_dbg
true
-
anti_vm
true
-
build_name
459
-
extensions
none
-
grabber_max_size
1.048576e+06
-
links
none
-
port
15666
-
self_destruct
true
Targets
-
-
Target
9c5a5fa983d27dafc21ff8164169ad7772e3c0c49b32d0c5346e1854ed1d2e32N
-
Size
1.7MB
-
MD5
b5d3547be863b719e29009f47f7d14a0
-
SHA1
b7abc61f2c9eb630d38ccea349acca5345939bf7
-
SHA256
9c5a5fa983d27dafc21ff8164169ad7772e3c0c49b32d0c5346e1854ed1d2e32
-
SHA512
d3673cb005da62455716ffba477da8c54a3b512a0d7d8edc07ae3b766faef817a2ed8badad036de89386e83c970f88f389a63e8b8d85086095cf860c2d7fa33b
-
SSDEEP
49152:3bo95a6iGYLWBjosANqicY0a3xdumAFMm6JhQk6pyJ:xWposANqieaXAFMth6p
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1