General

  • Target

    Oldsetup.exe

  • Size

    2.6MB

  • Sample

    241010-rgb6wsvdkj

  • MD5

    98e56fc6276f5ea11ed37de5b40116d3

  • SHA1

    882fd2c385eeaffec3881b3262de638ff912f276

  • SHA256

    9006378885c4a84699ad0f90dbe7579969e3a1b41f6fd334c4e440d30a15d063

  • SHA512

    978c3f3e5e866db2cc59a3474a6b75291b3eba44d445887c2afd50218dce776a650822eb67118481e62411b02102c7e49a1dc99db507d4cca59d0253b5b1a19b

  • SSDEEP

    49152:HZPf0tL9d77T+WScpPNBqB0+iZjS9fQzm4qU0Hy+GtGHkyMaRV/EfZ8yd:EVScpPN3OHmUQ

Malware Config

Extracted

Family

meduza

C2

79.137.202.152

Attributes
  • anti_dbg

    true

  • anti_vm

    false

  • build_name

    OurOld2

  • extensions

    .txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite

  • grabber_max_size

    1.048576e+06

  • port

    15666

  • self_destruct

    true

Targets


    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
