Overview

overview

10

Static

static

3

Gdswt46g.dll

windows11-21h2-x64

4

gsdr3y4.dll

windows11-21h2-x64

1

setup.7.0.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Unconfirmed 572190.crdownload

  • Size

    1.3MB

  • Sample

    241023-l3nh6ateqd

  • MD5

    32711b39d30ad158f10dca650dcf20bc

  • SHA1

    28024ef92736dedc70aaf7e558062d8878b2d6d5

  • SHA256

    38f09edc87d2d94f3e8fe2e6119be2285e2e0afd64d0c4a53f7d62c9d8f9cbf3

  • SHA512

    7964210fe6832d333b0b61a46ccd974d751d2a4501159c67763efcd245f57e36820bcede7bdca088ddc9c2274eb4db8d56f62cfa3cb0df8830ffad8d1fb11ed2

  • SSDEEP

    24576:emmYqg38/fcu3rYQC2A+93DFtA8SUdzfrHv1JEDcBN3vL9WwKoP8KPYMa9wAqKG8:emmY5Gfn3rYYt93D/A8Swzfbv1+gBN3C

Score
10/10
meduzacollectiondiscoveryspywarestealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    490

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      Gdswt46g.DLL

    • Size

      12B

    • MD5

      dc72bdebf3016a463eb4e209af1aefe1

    • SHA1

      9bde7acc8b748a89daee4d756fa57ce3007e82a9

    • SHA256

      472e48643c0b957bb7c612448330f07ce0cb71e14541c6b0b9ce789bc82e91da

    • SHA512

      de6999ebc8dd931a4417c6861e36127a6b7caca1543f1db94eb90c3624045ee57398d2fb1a4841e0647ac0191ab41a04d6dc8642c7f1b888743a03a985c65ea5

    Score
    4/10
    discovery
    behavioral1

    • Target

      gsdr3y4.DLL

    • Size

      128KB

    • MD5

      d4a3019fba1509a1e1faf0115b512c84

    • SHA1

      cc85bc0017e4e20387c8dd0b1eaff31a5ddb473a

    • SHA256

      563062fd6c6a2a84ebe6e35e9bb045ef1bc240cdcd20dc557c1957e80ccf932c

    • SHA512

      1505c567b1333a02eea5a5356ec0878c87461c22272ea693e651040df59f0677f784248f67c8d5f293be25b746596112bfed61921d6e640887f0955aab23776c

    • SSDEEP

      1536:cdZTYMYIKPRhJjRn4udcdugdKBH0g01+gZrxtQQzQeWV9JhtgTKzMyLL/gB:ai7ImJjeudccg00gA+AxtErtZvLjY

    Score
    1/10
    behavioral2

    • Target

      setup.7.0.exe

    • Size

      1.7MB

    • MD5

      994bb906f5c652d50b21a45c76c530c1

    • SHA1

      ad90263d8b82f065a56efc728f6e226a60196792

    • SHA256

      1a471d692acc84510b6af7c3ca4953823177bd4af8b569480a7e0862f88587e0

    • SHA512

      6a99872d9884a1d609f984038fb661ac4e44608591d14cdb76741ecbb9bd5bfb6d1edb9f07c45865837502bc6b5dee74947179dd1eb38a4d7c1f7b2a30ca139c

    • SSDEEP

      49152:7bo95a6iGYm/aY3NZd7LcwSrhn8SjWoCu:w/n7LyhZjWoCu

    Score
    10/10
    meduzacollectiondiscoveryspywarestealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks