meduza | 2372-5-0x0000000140000000-0x000000014010F000-memory[.]dmp | Triage

Sharing

General

Target

2372-5-0x0000000140000000-0x000000014010F000-memory.dmp
Size

1.1MB
MD5

e29326c790a097d1e2f0ee10119947ff
SHA1

8db14ec16144e6f12ab976f3198f636bb812f7f5
SHA256

f264c300a4b76b0de6f11dd45cc449c87f96c0517565c66b6488d44ff0682196
SHA512

aefaf83f9b70ee7c7b3e04b7e91cdc19b379492fc1961ce9fbd20a42b633b50e346d94073c0158480f4c446369b93ee860023202d53add3de706428f154231a3
SSDEEP

24576:0ua1JulfGhRZjNfkIwMp6t7Ehf8kLXtjQIDPiQR:0uyulfSRp5kr7EhrrtcMiQR

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
28
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2372-5-0x0000000140000000-0x000000014010F000-memory.dmp

Files

2372-5-0x0000000140000000-0x000000014010F000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 841KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ