meduza | ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b | Triage

Submit
Reports

Overview

overview

Static

static

1

ddff18268a...1b.exe

windows7-x64

ddff18268a...1b.exe

windows10-2004-x64

Sharing

General

Target

ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b.exe
Size

1.4MB
Sample

241029-djcnjs1pby
MD5

eab6ffe7b3ed8b11859e3c2858cb1b48
SHA1

c825fcb349ed78c6fe437605ef17a9c1ab76fc32
SHA256

ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b
SHA512

06f8da78780bd504ad912b1aecfc76b9a4e04ff2b513202fd7ff56ada7a2b60fc74d6c294da74c7c2f3eb75653c730e98fef8f7e1dcc0ab7ea1c9b17cae6375f
SSDEEP

24576:OiGYw/6K/bd1YYJaOZpwxWs+RmATcoPoVLmudtnhNxeytXP7JLxtC:OiGJ/BRVTvPo5nhTeytXP7JltC

Score

10^/10

meduza collection discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b.exe

Resource

win7-20240903-en

meduza collection discovery stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b.exe

Resource

win10v2004-20241007-en

meduza collection discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

176.124.204.206

Attributes

anti_dbg
true
anti_vm
true
build_name
mob2
extensions
.txt
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b.exe
- Size
  
  1.4MB
- MD5
  
  eab6ffe7b3ed8b11859e3c2858cb1b48
- SHA1
  
  c825fcb349ed78c6fe437605ef17a9c1ab76fc32
- SHA256
  
  ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b
- SHA512
  
  06f8da78780bd504ad912b1aecfc76b9a4e04ff2b513202fd7ff56ada7a2b60fc74d6c294da74c7c2f3eb75653c730e98fef8f7e1dcc0ab7ea1c9b17cae6375f
- SSDEEP
  
  24576:OiGYw/6K/bd1YYJaOZpwxWs+RmATcoPoVLmudtnhNxeytXP7JLxtC:OiGJ/BRVTvPo5nhTeytXP7JltC
Score

10^/10

meduza collection discovery stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Browser Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzacollectiondiscoverystealer

behavioral2

meduzacollectiondiscoverystealer

© 2018-2025

Terms | Privacy