meduza | 560da3dd2f5d64466f1bcc3c9c6091c7729db8493151240f6fa235d2fa208272 | Triage

Sharing

General

Target

OpenBullet2.Native.exe
Size

1.5MB
Sample

241017-fdrlmawdnj
MD5

aa0a9a5dc507324200b6fa394bca7c9a
SHA1

54c4f883fadb619082abdea43689ac16247fdd8c
SHA256

560da3dd2f5d64466f1bcc3c9c6091c7729db8493151240f6fa235d2fa208272
SHA512

907bd97c23cc039b0328e77c68a0ca5ce2a00daf717d9b82432c320436e3214eac8e22d5f58475168ed0ffbbac9eb7cb69721f3bde2b172020eb5404dda9a154
SSDEEP

49152:r7YdV288AqBKJIKBztU4ETekl1SzPXGuxZ/PUgD6TaytJolaPcVtM6jP:/LKBztU4G1SzeoPUuwGMW

Score

10^/10

meduza discovery stealer

Malware Config

Targets

- Target
  
  OpenBullet2.Native.exe
- Size
  
  1.5MB
- MD5
  
  aa0a9a5dc507324200b6fa394bca7c9a
- SHA1
  
  54c4f883fadb619082abdea43689ac16247fdd8c
- SHA256
  
  560da3dd2f5d64466f1bcc3c9c6091c7729db8493151240f6fa235d2fa208272
- SHA512
  
  907bd97c23cc039b0328e77c68a0ca5ce2a00daf717d9b82432c320436e3214eac8e22d5f58475168ed0ffbbac9eb7cb69721f3bde2b172020eb5404dda9a154
- SSDEEP
  
  49152:r7YdV288AqBKJIKBztU4ETekl1SzPXGuxZ/PUgD6TaytJolaPcVtM6jP:/LKBztU4G1SzeoPUuwGMW
Score

10^/10

meduza discovery stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzadiscoverystealer

behavioral2

meduzadiscoverystealer