General
-
Target
RYZENSIX (5022).zip
-
Size
2.8MB
-
Sample
241028-jfftpathpn
-
MD5
d927d6de1f8a3f6989f732611d51096a
-
SHA1
53a20d759fa8bff706dbb22f8353f51972849830
-
SHA256
ca5ba8ce5938a95166a105d80f16953870c66e7fca57acef05cb8a3df954ab7a
-
SHA512
fddfbae7f631a2f9c6339212a68a1b4525c8431285b7c06297a6f641fc624796a03f3c7c13d9ed2f92fa9cadaf2c3543a9928aa2bdcc1c30a9290f6cc9e23685
-
SSDEEP
49152:VM7bMIOUmK/Hvmd3mbVF++zNkMlGK/R+Hstc94Cl8prQrxEGeyBibvjmc1KotIQD:ywIAKfed2z2AGK/4Mtc94C+prQriVy4P
Malware Config
Extracted
meduza
127.0.0.1
-
anti_dbg
true
-
anti_vm
true
-
build_name
test
-
extensions
.txt
-
grabber_max_size
1.048576e+06
-
port
15666
-
self_destruct
false
Targets
-
-
Target
installer.exe
-
Size
3.4MB
-
MD5
5aea618898406f877d7903a4f02d4629
-
SHA1
c69dd5846e5a4258358f8d747acc279a8edbea0c
-
SHA256
c2440f832feae642a3644d57bb86ad8cde08f25041ddefc47cac20d17e248246
-
SHA512
15deebba0348cec2a93452e5708afb5466796fd51d830487e003a70c92d4769278e867f7dc3f7d7dbf201b002888bbd77238eb938ca6894f13b9471c2d7c1804
-
SSDEEP
49152:hyP3N1HVMxY3a9QfVSLFheayDv5Els4Ngt3zYU04WU5T4qo0v7uwU7RCni+zLyVm:U/N1GiI65mDNmYoGH0v7/U7SzWV8au
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-