meduza | b64a353728226d46f333f6025cc55fcb222191161396e3702c7a536618c80c97 | Triage

Sharing

General

Target

[email protected]
Size

26.0MB
Sample

241027-w774gaykdt
MD5

8cce3a045d1a6847c254b603b83fff8d
SHA1

ef23d9e784c5800fd5fc4b8f4211756860883500
SHA256

b64a353728226d46f333f6025cc55fcb222191161396e3702c7a536618c80c97
SHA512

ddc957a8f285898adcf91ca70cab5202651fe07585d2e06d5ca66321c5db9e52f0d1acc21c43957d97d196df595befab838ec38731bc6d23f985a74c9dcad315
SSDEEP

786432:A6oivzkdQhFEk6jGyR6nNwKQfmJ1ki60G2feO8ztS:AD6zkd8v/u6m/GkiRG5tS

Score

10^/10

meduza discovery stealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
616
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  [email protected]
- Size
  
  26.0MB
- MD5
  
  8cce3a045d1a6847c254b603b83fff8d
- SHA1
  
  ef23d9e784c5800fd5fc4b8f4211756860883500
- SHA256
  
  b64a353728226d46f333f6025cc55fcb222191161396e3702c7a536618c80c97
- SHA512
  
  ddc957a8f285898adcf91ca70cab5202651fe07585d2e06d5ca66321c5db9e52f0d1acc21c43957d97d196df595befab838ec38731bc6d23f985a74c9dcad315
- SSDEEP
  
  786432:A6oivzkdQhFEk6jGyR6nNwKQfmJ1ki60G2feO8ztS:AD6zkd8v/u6m/GkiRG5tS
Score

10^/10

meduza stealer discovery
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  ExxxxSet_up.zip
- Size
  
  26.0MB
- MD5
  
  338e1f5d34876aedc2f00521b642049a
- SHA1
  
  67af0b475e407890f6b57351d3b18456f4735466
- SHA256
  
  6ae598b5c7e9c3a0e673c292533a3185fe25bd56261f2803ef0bf8b4c3f06b7d
- SHA512
  
  55e71f20dda7fe1c4ee29bd48c3f0b01db538165193f94b195d7f2d9e4ef290c6421d3d5b520dde3e0e449ad8e02ed89c27ea198dfc796c6b9073ad594b5351c
- SSDEEP
  
  786432:k6oivzkdQhFEk6jGyR6nNwKQfmJ1ki60G2feO8zth:kD6zkd8v/u6m/GkiRG5th
Score

1^/10
behavioral3 behavioral4
- Target
  
  III_Pa$$w0rd - 1885.txt
- Size
  
  26B
- MD5
  
  95568ad7905a167cc6a2c52df051fdf1
- SHA1
  
  7f2240311202aaf88b50f505de8ac5ca8a408b31
- SHA256
  
  0f77b154d00d567640eb0e9f9a36d885e4614ca05ce2e3bfd8b86b106db768b8
- SHA512
  
  bde699c91fbd3d350230c0eed5248206ef69b7d7821e1904171f9f6887c5c65889f13f8aa36a4e8b34670cc374509cecee40886608b576950d91ae0497615c0a
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

meduzadiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6