meduza | d0127c9658a5e6599a876f942a8d9eb46771f8f504c1eb4d3d4dd90b0e917574 | Triage

Sharing

General

Target

5d5be2d807ae58e049ea38dc8fa0d084d63d3acedb1bfe47a0befcc6e14c95e3.zip
Size

507KB
Sample

241016-wfhz9sxarq
MD5

c46c7c5969e4154b68483fef9c2d50b3
SHA1

6039c0f87481d297e07d3893be06472a2ed00043
SHA256

d0127c9658a5e6599a876f942a8d9eb46771f8f504c1eb4d3d4dd90b0e917574
SHA512

0bd639fc17adc29ca13a04843db3197335abacb0e7fa4bafc2555cb672d6072bc91b3dd74ae53478318dcf701c0132c9f52738986f7f678d1b73885f448aa80d
SSDEEP

12288:+p6aHGp+BGsiyVNQMMz71Rh3oYI1lklOzSgOUdWk85rFX8m:46aHvBGsnNQDdj39lOegJspX8m

Score

10^/10

meduza collection discovery spyware stealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
424
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  pic8.jpg
- Size
  
  1.2MB
- MD5
  
  2641c36c0e8205672c3b20a4bb79e802
- SHA1
  
  8a8c7312e275ea2ffb9b73a46a057fa31669c371
- SHA256
  
  5d5be2d807ae58e049ea38dc8fa0d084d63d3acedb1bfe47a0befcc6e14c95e3
- SHA512
  
  b3fecd5958ed1960a885f285d63aff2593bec3da54192e2a3674ec843132da98419f1cc414532a61d8e91e43ba89e13a658c239f7bcfd0694ab33ad8c66b2399
- SSDEEP
  
  24576:4kazQhNR3fNR84iv88LT6T6h0lhSMXlRg2r:LaMhNR1m4ivLv6TXhJr
Score

7^/10

collection discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryspywarestealer

behavioral2

collectiondiscoveryspywarestealer

behavioral3

collectiondiscoveryspywarestealer