meduza | a10e97c8b4a4b7408d489f8043aee8c7778a9fcc92b68fa9488879f2aa908dba | Triage

Submit
Reports

Overview

overview

Static

static

1

KMInstall.exe

windows7-x64

KMInstall.exe

windows10-2004-x64

Sharing

General

Target

KMInstall.exe
Size

1.3MB
Sample

241028-ebgg7szdjc
MD5

78a28e6dcd3f936c4b3784b1728b049e
SHA1

21a8bbb2e4bb7ca03bfe498d591fff0917e0c7c7
SHA256

a10e97c8b4a4b7408d489f8043aee8c7778a9fcc92b68fa9488879f2aa908dba
SHA512

55cd40dfbe687af8cb5b0b903f6252ee76ca5010f0ccbb9ffa7646ee83e69799aaa9da8eadd2ba1347e128ee7f045a77d40d8fa723bba0d6a24f37f4f998ab3d
SSDEEP

24576:ZicHTAcDVdNDrA7BJ+Sskk8SPMV/9D7hKi7hK47hKfO8n4SYcufneNb/V4t9m7A:7TAcK7BJ+9kktUV/9DvhZcanGb/utP

Score

10^/10

meduza collection discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

KMInstall.exe

Resource

win7-20240903-en

meduza collection discovery stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

KMInstall.exe

Resource

win10v2004-20241007-en

meduza collection discovery stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

176.124.204.206

Attributes

anti_dbg
true
anti_vm
true
build_name
mob2
extensions
.txt
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  KMInstall.exe
- Size
  
  1.3MB
- MD5
  
  78a28e6dcd3f936c4b3784b1728b049e
- SHA1
  
  21a8bbb2e4bb7ca03bfe498d591fff0917e0c7c7
- SHA256
  
  a10e97c8b4a4b7408d489f8043aee8c7778a9fcc92b68fa9488879f2aa908dba
- SHA512
  
  55cd40dfbe687af8cb5b0b903f6252ee76ca5010f0ccbb9ffa7646ee83e69799aaa9da8eadd2ba1347e128ee7f045a77d40d8fa723bba0d6a24f37f4f998ab3d
- SSDEEP
  
  24576:ZicHTAcDVdNDrA7BJ+Sskk8SPMV/9D7hKi7hK47hKfO8n4SYcufneNb/V4t9m7A:7TAcK7BJ+9kktUV/9DvhZcanGb/utP
Score

10^/10

meduza collection discovery stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzacollectiondiscoverystealer

behavioral2

meduzacollectiondiscoverystealer

© 2018-2025

Terms | Privacy