meduza | d82fe3ed607a8d4827f6b8f007bae911b7201e9af927ffb7442d571347903ab8[.]exe | Triage

Sharing

General

Target

d82fe3ed607a8d4827f6b8f007bae911b7201e9af927ffb7442d571347903ab8.exe
Size

1.3MB
MD5

ec508f4911e5a23f6c0f5d415bd3afd7
SHA1

153589b6d13c5a647028566de0e70b3c8982316e
SHA256

d82fe3ed607a8d4827f6b8f007bae911b7201e9af927ffb7442d571347903ab8
SHA512

6c6450e67102f27748fe1f0b20643955d7724b96901dea9caa7d84ad4a11f7d5090b76e9fd7d8195f8418f0949db2dbc3a3c656c472474dd19fefc4749c0a8b4
SSDEEP

24576:HKG7DZFbFY/BOx4F/MSxVM0j7Ro/IbGw/eGjm7L0K5FpwR8XZyOY7G13E:H3bFY/BdF/MSxVhC/IbGw/9mvP5FDZH3

Score

10^/10

meduza

Malware Config

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d82fe3ed607a8d4827f6b8f007bae911b7201e9af927ffb7442d571347903ab8.exe

Files

d82fe3ed607a8d4827f6b8f007bae911b7201e9af927ffb7442d571347903ab8.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ