meduza | 4296-5-0x0000000140000000-0x000000014013B000-memory[.]dmp | Triage

Sharing

General

Target

4296-5-0x0000000140000000-0x000000014013B000-memory.dmp
Size

1.2MB
MD5

3fa2fab41a10f34e5e7a3592b26491de
SHA1

4842300d5a16d29be621c926b2845e41d855bc93
SHA256

c9ca0a5f023411037bcd79aea1cd4268f1bf289b7ab6232347ea0826f9a07c8f
SHA512

469f1e4e392ad3cad56183cb7628f36153d47259301c620a481792fe7f66f080bd38945174c3d4c57801d50000af9d47e503ae5723351438c50bf5a9c3dda93b
SSDEEP

24576:4kazQhNR3fNR84iv88LT6T6h0lhSMXlRH2r:LaMhNR1m4ivLv6TXhWr

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
15
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4296-5-0x0000000140000000-0x000000014013B000-memory.dmp

Files

4296-5-0x0000000140000000-0x000000014013B000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ