meduza

Sharing

Copy URL

Twitter E-mail

General

Target

Installer.zip
Size

65.8MB
Sample

241030-3h687svncn
MD5

d92654154956ca3633366b8f658aff01
SHA1

03a1b866d2c0135bdafa0f49b38d65ae490efeb3
SHA256

1316c0afbe65e24b66a9f93c3429446fc8e3fff2abe42c81d46976fbb40d410c
SHA512

9c05578446bb2e03c7c9a1848bfc872b75f61d4b7ab8eee21898589e8fdac81cda20d46be7820ffba5161c6a9c19ec78d3c2a35a55b20130b9085ff9e492e463
SSDEEP

1572864:RD5wIehqmTprZcLGC/utDQOruRPv+Wz6c1lH3CzovvqXa0M0ry3VdV:TwX25uiOruRPDzdl3CzovmtrSdV

Score

10^/10

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
459
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  Installer.exe
- Size
  
  2.2MB
- MD5
  
  7747b27850026fb5f5bc9bfc83b821fe
- SHA1
  
  d59fbdf28bed8fa5e5f7432079be6529b562924c
- SHA256
  
  1d001ffbecf6dbe5b89871fcba974a147c1336bd7c80110813fc0120f8b04f62
- SHA512
  
  f015e76322ce71e2ee881c2cdb15a0bc61da4ea7c2ed6ea313dce543a0161635167e62a484d3342cd569a087ad20089953177459387c6961c53db69b4b7e062f
- SSDEEP
  
  49152:po4nOn8huOxcEeWJa4q2Fi/mU5QyrIx6hpfou+7qN8vMwMS:i8JhuscEeWJa4q2Fi/f5QFwpfod7v7MS
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Mods/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
- Size
  
  10KB
- MD5
  
  1dde9a95c99955f07583353afdb4ac6a
- SHA1
  
  239011f68ce7e647939ed2953aaace0d610e44e3
- SHA256
  
  717ffd66b726d0f1ff1a72e1d4cc72eb0c5fa22a37774c531d6ed48189b9673a
- SHA512
  
  39b541296852f18eee4c75706597f275e62c49c707bced3b30565b77dd3375c2e5e359282ae4419661a0721f78cc75ffd1e97e72866f3ae348dafcdbcbdf2b7e
- SSDEEP
  
  192:RU0YOVE6f8QXQnzkf8QXQnzjtxWNPX5+EUL4t7WTPfF8iRE6Gj3Pxh3WQOmWR:RUxOVO2Qnzl2QnzONtUUkJk91tWfmW
Score

1^/10
behavioral2
- Target
  
  Mods/ComSvcConfig/3.0.0.0__b03f5f7f11d50a3a/ComSvcConfig.exe
- Size
  
  164KB
- MD5
  
  51a4a70d357779f0d344e267d509509b
- SHA1
  
  146f9be5d68ff8126d03ea1bc2f6479ba78154ea
- SHA256
  
  6d8fbe588879787edf2cb35680db6e208bafb3707ccedfc4751385e5dd5a877c
- SHA512
  
  c32336fc01a96544e5e8ebfe805ec16bdbf6283a499683f7837e3f7e9535cab17efc0ad8142219d5d34d1d98607db7596947fed24852aaadf684db7cc5350645
- SSDEEP
  
  3072:gOA+rPbreOU2lHpGl6cHiFbxGxFWqhcehYVSrajYbVW:xrPreOvHkHiFb8xp1W
Score

1^/10
behavioral3
- Target
  
  Mods/EnvDTE100/10.0.0.0__b03f5f7f11d50a3a/EnvDTE100.dll
- Size
  
  18KB
- MD5
  
  9a8841425ad722035c8bb43c39d29fd2
- SHA1
  
  5f6354e34c3a2622348ee244cd57da146d7b6353
- SHA256
  
  a5243dd7b8999a4030cb475797c56e9250f922abad90f304f740ddf75c0cc2bd
- SHA512
  
  1ed3246eb0f673b8e08dfc1250e60847837a9def14d8576790327c854d58a8f0376be4a3052f501cc95021cc353b5bbd678015cc3efc40e93b139ec0a74a8e19
- SSDEEP
  
  384:ax+Eyejmuyojt6Acoz7urI/fWtgD6qPVH0IaWbmW3LXci2jpvyMpB:akS5jt2I/fmmH7HDMi2jpvyMpB
Score

1^/10
behavioral4
- Target
  
  Mods/FSharp.Core.resources/2.3.0.0_ru_b03f5f7f11d50a3a/FSharp.Core.resources.dll
- Size
  
  55KB
- MD5
  
  c76a8bec8e6deafbd0005ad4ff0b1bae
- SHA1
  
  19af8b180e930af2db3a20c3277041b4097934a4
- SHA256
  
  cc3a521af43efe1b293087def148bbc1913f89e086900a00b2a92d600a4971d9
- SHA512
  
  461a836461a591e32e97f74ed953aff884424bcaee8a71ec703593a5b99986abaee2adeb066276b11954449b13da1d6b747d4080b7de49dbff43f83d7948787d
- SSDEEP
  
  384:2G+gUffkpTTK/K921pmwhEAZA7iQyTMNQa0CWyD1LHB0GftpBjXNFtAHRN7Kulrs:2tgUffkM9EwhEAZACVj+BWi52zze
Score

1^/10
behavioral5
- Target
  
  Mods/FSharp.Core/2.3.0.0__b03f5f7f11d50a3a/FSharp.Core.dll
- Size
  
  909KB
- MD5
  
  24d2b85fe5b5c22336d47579f92fd852
- SHA1
  
  a03d6d93e517da0b82371876445948b2c9535615
- SHA256
  
  d9381d077d7fa6c519e9de9fb1dfb9f63b79a61ae3e983636883fe66dbf4a0a9
- SHA512
  
  7016441fbbbb2aed23303d27930e8b822093b117117ad6724e27cc57a1513c964953494aff30a67114f98811bbbbc09f0edfbc7073075754614a426c718d6021
- SSDEEP
  
  12288:I1a/mnqOvsZL15hjfIRF7tyNts8HBFq6igQ6BQ8BvsMau:Ig/8sZ57jwyrJHB4DgQ6BQ8BT
Score

1^/10
behavioral6
- Target
  
  Mods/IEExecRemote/2.0.0.0__b03f5f7f11d50a3a/IEExecRemote.dll
- Size
  
  8KB
- MD5
  
  3f4da9f2716510376e5b752b6becbab6
- SHA1
  
  105cb2f1dbe96d65d8a5aec387dda12f9310edbd
- SHA256
  
  b74c46a8a8c725924af7572f7621166655715d0fbfd233179943740f24a240b8
- SHA512
  
  38ed90374c14b03fbe0d17050e78bc9a76f030f9df0ed0edc52064ca8306da1f9214237be070cca3cc0f42b5c7976e6923bbee3752d6ceb826f8b7f2c256c1f9
- SSDEEP
  
  192:qSRzEJyrrgPTVhqQwRGC1SVx4VIJuSLWyVNrWR:qtJyrrgBk9RfkxJuSLWynrW
Score

1^/10
behavioral7
- Target
  
  Mods/IEHost/2.0.0.0__b03f5f7f11d50a3a/IEHost.dll
- Size
  
  76KB
- MD5
  
  84caf4f6add954f00ff3c8823fcce13c
- SHA1
  
  459280ab4c1c9df048d76745b2adae8e8f357a6e
- SHA256
  
  c15ca0adf3de89bb6df6d117053022080ddac0e7be0732dd8cfb51f2cd4ec71d
- SHA512
  
  6a288d5dc3b387758423135231842598eec8945b1c54b0df7d7601757047b28abd3787f4465aa4b31b67b90d75c0513d69de1fce947856370dfb123a72aa1c18
- SSDEEP
  
  1536:jxDlDGkJq+zNkXJYKl6KGLs0dpoVPVuZSVpYSpGb:dDPg+zNkXJ56KGLs0E9pYSpm
Score

1^/10
behavioral8
- Target
  
  Mods/IIEHost/2.0.0.0__b03f5f7f11d50a3a/IIEHost.dll
- Size
  
  6KB
- MD5
  
  b1f1f1dd3c4f7a00a9665df2202edbf1
- SHA1
  
  dcbbf1282a6b442777140ec6fbecc8885661b16b
- SHA256
  
  8bac9ba0c20290425ce49791732a2936fb351baafe670426d7236c7d74574495
- SHA512
  
  8957fc540fe2fd64be0ffd9cf8d73ca396e1e4d1e51c9dc63d7f117c58eede12b1aceebf346f2d7c7f6e1c0c85abf0fc21788bbf5c5ec6963dcb14945018e0fe
- SSDEEP
  
  96:WUoz865WV33cOHRtk58360Ixvt/ID2D3EWOl9p9FWR:R6k3cOHH/IxKWO/zFWR
Score

1^/10
behavioral9
- Target
  
  Mods/MMCEx.Resources/3.0.0.0_en_31bf3856ad364e35/MMCEx.Resources.dll
- Size
  
  36KB
- MD5
  
  06db3ed3db8744254e2f78fafdaf8c1f
- SHA1
  
  4d9e22ff77fa1afa2d134f7816c10a5725825590
- SHA256
  
  82bcbc3de8adb8f08e1df439b21433437f75c9e7ca5314c0b5a4fbf96b83df8b
- SHA512
  
  aaa0dd60f14a15e65ba47fecc2948492b78cbac883ed8195f45420844b6df0ad5d4d869470853561d06c36b3a5acd2cf7157f3db33817913403ed4813c25dba9
- SSDEEP
  
  384:alJ5bH1N5JfqRNSWZ3dNmjxpqS+udjpI0idKQWh6W:alHHaN9NmjIup+0icf
Score

1^/10
behavioral10
- Target
  
  Mods/MMCEx.Resources/3.0.0.0_ru_31bf3856ad364e35/MMCEx.Resources.dll
- Size
  
  44KB
- MD5
  
  1672af9f4ba884c8155af01ee874b99f
- SHA1
  
  bf2a1bdbfda34b3d2d26c2cc2aed7bdb6ef3e9d8
- SHA256
  
  d4d6a566f8b0d035e1d48b9d9c59070d04005f4dc8043e7e9218d6b51fd0789b
- SHA512
  
  3137226c5a08aee02bbf27f5358436f86d888366448b4f48de0254a193a3a7cbb1b694589b019d16eceba914790bce5cee94f5a6a5bfb37b2e8f4de69780566f
- SSDEEP
  
  384:glJ5E9CpJJAzhwfuM3QgudTCciNV+B94XuS5+AHulKH9KWi:gl43wgguduc2+HCT9W
Score

1^/10
behavioral11
- Target
  
  Mods/MMCEx/3.0.0.0__31bf3856ad364e35/MMCEx.dll
- Size
  
  412KB
- MD5
  
  ba4b7414b3b00ac9d751fa78fb5e0228
- SHA1
  
  77a87ca3a621107c31540d9290ab7cb654ef5be8
- SHA256
  
  3b25659c7f223433b8032743b5279d44ccfebacd324430ea34f831c2b6d6d25a
- SHA512
  
  af510fec8e736025d47800407bebd5c0bf34ec8d790ed80624e316bfdf07acc972b1fdf722c207290264004fae2f2a2c2beb50014ffbdbdd1c4bcaf6113ab222
- SSDEEP
  
  6144:fjoY5OH9Lrsx3M9LHaNOZZZZtJtVJYOmNVm1NaTjMjaar3yPxFzYXRa8H9:fjoAqLrsqVaN6/iQATjMx3czYXRR
Score

1^/10
behavioral12
- Target
  
  Mods/MMCFxCommon/3.0.0.0__31bf3856ad364e35/MMCFxCommon.dll
- Size
  
  108KB
- MD5
  
  5d73f9cc0ae2dda07c251f7fa9df8823
- SHA1
  
  8c4e99e948c5e31bdca7eef04954db41e59564c3
- SHA256
  
  92ca73d636c529a9b30ac89b5576df6c5d65fef6774e86c4bce2c6ebf08330d3
- SHA512
  
  37dc887be8f5ab36181f11a5184e474bf22ff3ada8d51f2e64fcc499ef088254d863425b4b45c734df345ce23e27cfedbfe0aba16f57de710ee926db52805de0
- SSDEEP
  
  1536:NNn5xb+8wnfYr9IBh7rMuLoWNBMahLt3vjyzhs8WbTvdIVbp2:/bUfYhI/5r1P7yzSbTFMbp2
Score

1^/10
behavioral13
- Target
  
  Mods/Microsoft.Build.Conversion.v3.5/3.5.0.0__b03f5f7f11d50a3a/Microsoft.Build.Conversion.v3.5.dll
- Size
  
  104KB
- MD5
  
  5b42e9a9e386afe77c049ffbc2f4e4ad
- SHA1
  
  7c014f6be8cdc35d797b2ed35124536eed261f01
- SHA256
  
  89a214d58d1651c590110875a90314045fc597d87361fa6c636e4374a4d45b83
- SHA512
  
  c9648a79a63c767d7bc5b81c4d8eaebd86f0a8cb299fd7b9a9f078f80f668a3f4a878e8c1f41dc30d11ed3ab214745059ba64544e9077b714f777c62288edb0a
- SSDEEP
  
  1536:EUN40wLsc5O5Fv0Urd4120iDSUOUUbahA+PP4VbGzvoF5DmP:EGWYF15Gi2UOUU+hA245GzgjiP
Score

1^/10
behavioral14
- Target
  
  Mods/Microsoft.Build.Engine.Resources/2.0.0.0_ru_b03f5f7f11d50a3a/Microsoft.Build.Engine.resources.dll
- Size
  
  64KB
- MD5
  
  e69b9d4c98752addc96f4257ad39535a
- SHA1
  
  d7c07e2da74e023ad9a455fe0f2174833a793cc8
- SHA256
  
  f4a6f237038b14186b77df605b85865ad1e7cb43acae0ce03befba07705ad7f7
- SHA512
  
  3c3b9d5caca3ed93d10309341c89acae5ee5efda069539406ad736b85365895c7b23a8aaf93dbc9eeebfec11f4f527b91f01cb1d05c2f3a7949c90ae7b4e8bc8
- SSDEEP
  
  1536:Sgg31IXSN4lD5SmqiX+OdeQnRYGdZl/D:v41wD5SmqiXTeWaGdZl/D
Score

1^/10
behavioral15
- Target
  
  Mods/Microsoft.Build.Engine/2.0.0.0__b03f5f7f11d50a3a/Microsoft.Build.Engine.dll
- Size
  
  380KB
- MD5
  
  e5f9fe510c56eefabaa2afdfbc92be40
- SHA1
  
  c0049b1123114b51697247e4a2f3ec9f85b06ed8
- SHA256
  
  87c791d80398ed9b4d36e94f2e40226b743a224ca4f3887a26d46e8e9c93f3b0
- SHA512
  
  1858df44720d3da55e4c21604e91da11abec485029e3cc3f224ba648047b1e73c07131bbb3110d729253935d5c459b55046eee6a064ac31e8e305f2e5dc08f5f
- SSDEEP
  
  6144:inZPpEshUhm0fN88HTvgk94/gLiKg+voYPj6R9mTMVw9C:uEcUhm0fN88UkWmiKg+Li
Score

1^/10
behavioral16
- Target
  
  Mods/Microsoft.Build.Engine/3.5.0.0__b03f5f7f11d50a3a/Microsoft.Build.Engine.dll
- Size
  
  716KB
- MD5
  
  49b53435e5d61c165140b2be10bf2da3
- SHA1
  
  3ff451e8b1f71164f95ba8d4e6d87ad76471a6da
- SHA256
  
  c4d17e7d9c70fd96d18eca2171cb4e64bd9863d7b4d364feee12d2942fcc9e47
- SHA512
  
  800283bb0b9f68e4c23ab43f5079cd6aa533ecd635781705c60995e372d2cfcb42e6feb5cbb3520416dd6e1702e49fa31a239fdea12732b3bc83b30ae06f838a
- SSDEEP
  
  12288:XxbBLgESLMx9DmTG+QQjiP66vliIvsWiucnxFph:xpgESxN6Ps3xnb
Score

1^/10
behavioral17
- Target
  
  Mods/Microsoft.Build.Framework/2.0.0.0__b03f5f7f11d50a3a/Microsoft.Build.Framework.dll
- Size
  
  36KB
- MD5
  
  91e65ff7b12c814f5132077ff009fe3e
- SHA1
  
  189275ea6c59a6807c836fa0157603f2fc717ec6
- SHA256
  
  efc34dbc039bebb05c686843f497cbd119afd05b497b65b6c1ee42dc5adf41dd
- SHA512
  
  e9c3c56f5131227c9b80869f73ce562956a02a0dbf6f61ad2d6ccec87416d6420e7e42580e442fcea7ebbef4c64a5837f562ac55070511cb66a6953e1684c56e
- SSDEEP
  
  384:BOAGD19COF0KSSMhJm9hMKCMiTg6ihJSxUCR1rgCPKabK2t0X5P7DZ+RBWeQ2W:fkdlSSWKMBMiTFRJjq
Score

1^/10
behavioral18
- Target
  
  Mods/Microsoft.Build.Framework/3.5.0.0__b03f5f7f11d50a3a/Microsoft.Build.Framework.dll
- Size
  
  36KB
- MD5
  
  f99bce33a613db4b0349c87ec804ff8e
- SHA1
  
  32ac297fa389d5ab5305d9c69c9d9d3b691a373f
- SHA256
  
  61f79495d1d5e1e9fa17cfa2c432a36bda494fffddaf65bc31caf9b7a79cb558
- SHA512
  
  0f82e383259267643033ada8b0b806e2ec9d96f66736d6a2298659e64b46a0125813373dbc8a36629a3a8a19c4ffd3d27a881f0bb8ff243279c44572881fc84c
- SSDEEP
  
  384:nXPdYaYho77uXOkszwXmrs1O2zcTx9IeRe73v0jeLyLZZ8ooCdMh5cz6m9g7usMz:XFpaysfLyLZZ8tGz6H1MZcs9
Score

1^/10
behavioral19
- Target
  
  Mods/Microsoft.Build.Tasks.Resources/2.0.0.0_ru_b03f5f7f11d50a3a/Microsoft.Build.Tasks.resources.dll
- Size
  
  148KB
- MD5
  
  cd5b8d9d45c3d704670898ad6052db13
- SHA1
  
  41f5483a432bf9a0e4db3739464b37c87bf51a38
- SHA256
  
  6eb9e208d0cd03efb740e895f246cd4b5c30495648caa47ad2bf3a5892997cf2
- SHA512
  
  ad4a398e434506c970ba663e26002cc97b73284b8dcb1d0de919376ac08323a21cd3a859341cd514e3dd141db975b90575c94766bde096cf152d0f1438c0d94a
- SSDEEP
  
  3072:f3KKod0GNXnGMgsJD+TMbdP+fT/OjODXcW/OvSfXc/xiXGfjLCIZAl/nyjuiU9Mf:f3KKod0GNXnGMgsJD+TMbdP+fT/OjODe
Score

1^/10
behavioral20
- Target
  
  Mods/Microsoft.Build.Tasks.v3.5.resources/3.5.0.0_ru_b03f5f7f11d50a3a/Microsoft.Build.Tasks.v3.5.resources.dll
- Size
  
  181KB
- MD5
  
  a9c0251433ee414e9fd519d1cb921c1f
- SHA1
  
  319a08ab00db5579814cee59a15d2ee40514fc8f
- SHA256
  
  ec8ef2f210c0cf6bec07aac95c6804368d3aa854b24e2a261fca4da8a0625a18
- SHA512
  
  d10096d81b422cbd2b4397c9aff8286c8c8351ad739aded458fe7599378aeb0844260d676e2617d1db5650921a10bcdd6fae7274fc82f3f5a2193fcef159c1f3
- SSDEEP
  
  3072:cJUgIa1nd5GV9iBuKOgsdBQRQbH/Qj9vABahtiivAzADtibNEfM7Bj8ZpmQRtU+w:cJUgIa1nd5GV9iBuKOgsdBQRQbH/Qj9g
Score

1^/10
behavioral21
- Target
  
  Mods/Microsoft.Build.Tasks.v3.5/3.5.0.0__b03f5f7f11d50a3a/Microsoft.Build.Tasks.v3.5.dll
- Size
  
  784KB
- MD5
  
  9cb439edf7d5afb8d2c16be16449a9ab
- SHA1
  
  4cc8d027dbb89d5e1b2a4aacf233ae579a67e407
- SHA256
  
  665be34195b27ef3b276b54aa3bf9a114001eebb43f865a9e99a5d5ca62caf1a
- SHA512
  
  5c2d8e8a23fafe75191c674ff606b418881aeeea796ecdb98da6e227ee071be92e3836b94a6af977fae39b6af3766dd88525dc7a4320427bbd2308ec032a3d89
- SSDEEP
  
  12288:EYIx2FsSyFcG/2EW5xwipJTFE/Y4gSStG2F0PjqY:E72FsjZ/SRFeStG2F0Pj
Score

1^/10
behavioral22
- Target
  
  Mods/Microsoft.Build.Tasks/2.0.0.0__b03f5f7f11d50a3a/Microsoft.Build.Tasks.dll
- Size
  
  640KB
- MD5
  
  a79343f79cf2b9df10df190e1f02e0c4
- SHA1
  
  4d4ae174bc1b585d5d5e670e58c39402d40c772b
- SHA256
  
  62b499783c811ed9476409859c267850ebca6ae993c7d4392e0761cb2b9e57bc
- SHA512
  
  5f85b182e018ac96eb045746b7fe307a5991d65fbb5717d4be15c8f863914da65cda4f4e9265d3d299d2a4fd99bcfb05f95b7c006120ae474d877e94c332e875
- SSDEEP
  
  6144:EqwBoDMfkbp5cqNbRsLjvNQsQ70cit8LKOgsdBQRQbH/Qj9vABahtiivAzADtibo:ENoDbceb2XvNU0ciUsEJHplrJ0nsv
Score

1^/10
behavioral23
- Target
  
  Mods/Microsoft.Build.Utilities.Resources/2.0.0.0_ru_b03f5f7f11d50a3a/Microsoft.Build.Utilities.Resources.dll
- Size
  
  11KB
- MD5
  
  02821b74881d1b6ce8af560c69a9f723
- SHA1
  
  a385f28d77091cc6f2d9340bd8165c7b21d043c5
- SHA256
  
  29973bfe806f8af1a44fea23db45217cfb82e04b317dc5a0f42d62d9e0262c05
- SHA512
  
  56408991e09b7af6c4cdaae5a8ed77014405fd31e4c1e127d894b75d01384ab89161d431cd660c47b34f5b76a4e5bedd48db44353c32065ce321081706715491
- SSDEEP
  
  192:vqAZ8uGBIXP3QdjVg7AgloCLJi+46Oe4dHOeNeSWv2Vndix3Tl+prWR:vj8uGBI/3Q8nlDM+46l/ae7v2UDqrW
Score

1^/10
behavioral24
- Target
  
  Mods/Microsoft.Build.Utilities.v3.5.resources/3.5.0.0_ru_b03f5f7f11d50a3a/Microsoft.Build.Utilities.v3.5.resources.dll
- Size
  
  18KB
- MD5
  
  457e074aaa044ca2a809b1f8d5f32f7c
- SHA1
  
  9564fc98fc532599397d7f05f93cb073ffe76ffe
- SHA256
  
  af982f359d591d6097776f2fea28d38b2aeb49093d7ede29e150e6e0d59bfd2c
- SHA512
  
  a24e22b44f30bd559e75a7f0a9c07e50c5cf2c162cff96608235f14a94329c28ac6c19691ee3bdd5e021d084ee05831ef2a47682e8cc3a847e0ad0c07c3bcc09
- SSDEEP
  
  384:2DVkZtgf18w34CFWQ/+4HpOgb/ae7p2WShiczWbLXci2jpv+7:SVUE+w3sQ9f2WShD6Mi2jpvQ
Score

1^/10
behavioral25
- Target
  
  Mods/Microsoft.Build.Utilities.v3.5/3.5.0.0__b03f5f7f11d50a3a/Microsoft.Build.Utilities.v3.5.dll
- Size
  
  92KB
- MD5
  
  eeb10085cebe1d10759e086e460e6e7f
- SHA1
  
  fe751d162c7c40a6e296ed6a0a4f85842db175b0
- SHA256
  
  b03a8f139640ca291da992e9fc1587c980f73151a83bac401149ad6b69f39b48
- SHA512
  
  605d422603ef9230682b8c926b4a8c532cc404577f221fe0dbfa51417278286f68f5f5e5c8c1c7496c80eacba413db9d6cc1daccb0ef8a15ab39ae6cf1e0ab14
- SSDEEP
  
  1536:GrzUoiMxfZ120isljhNDUJxM1GLyZ8pG+v6HlZ0DY5e6dkqsBc:GrzUoLi/xM1GWZ8phiHlZ0DY5e6/
Score

1^/10
behavioral26
- Target
  
  Mods/Microsoft.Build.Utilities/2.0.0.0__b03f5f7f11d50a3a/Microsoft.Build.Utilities.dll
- Size
  
  76KB
- MD5
  
  651e9dca9a2da56c25a599b3659e50f6
- SHA1
  
  368e74b0d1a8a736cf72e84fe2b752eb71fd082e
- SHA256
  
  dac9f4c7dd50b80c5b3dcf0b40505d7b969791dbda8fc2723675ab39b654ace8
- SHA512
  
  b17a0ae15b61e266af80bdf96b39f843e6225f0ba6728de2db41c53f67b2e111471499dca8fc85a118f24bd819f370a68faa371a9548fa19aa808cfa0244752b
- SSDEEP
  
  1536:bl+06PisGhlLLUOmZXb0piXMgoHlZ0dMvRy/V:oripQNXb0piXMzHlZ0dMZeV
Score

1^/10
behavioral27
- Target
  
  Mods/Microsoft.Ink.Resources/6.1.0.0_en_31bf3856ad364e35/Microsoft.Ink.Resources.dll
- Size
  
  36KB
- MD5
  
  829e848a671a85a8b165c36a7e09ca1f
- SHA1
  
  5bcc23a60e113cb73656cc2153bff88829d9492d
- SHA256
  
  4bd7d7f7a046a6c6ff217bc9d769b0771e278e9045b4546728e8ad237ac5a7b1
- SHA512
  
  243ea7b634f59e652bf5095a458e3199e7de16f964cf93060552141b907737e5424e162432d12409ffb1a3fddcba4782e67842befb2097f915b92250a3758bf9
- SSDEEP
  
  768:d6RTH9cDtalpv4FtoSzD61qpD1lzdexOgr2:wRTdcDm5OtzGi
Score

1^/10
behavioral28
- Target
  
  Mods/Microsoft.Ink.Resources/6.1.0.0_ru_31bf3856ad364e35/Microsoft.Ink.Resources.dll
- Size
  
  48KB
- MD5
  
  f5e83ea1341deabcc4310819af28f3b6
- SHA1
  
  b500ccaf4e5c504bc5ebf4748242e3631e5aef67
- SHA256
  
  620e6d1668ad144de62a2eb920fe5d0455a3453fab2a738740bb4734c3bc4c33
- SHA512
  
  a780ffe4bafb3938d33bb73dd8e550f6f57ce66ee5dccee8e9d0d0a880070cda0a70fb9bf6cc60101fe0c13c4edd41efb06407e18fa4076e13bfe3bb5353c30c
- SSDEEP
  
  768:Bp43HSNa/6rd7EGnOIoGcjFHTBQIXoJALTy6bXWsXrx:D43yNa/TBlh5LN9
Score

1^/10
behavioral29
- Target
  
  Mods/Microsoft.IntelliTrace.11.0.0.resources/11.0.0.0_ru_b03f5f7f11d50a3a/Microsoft.IntelliTrace.11.0.0.resources.dll
- Size
  
  87KB
- MD5
  
  57631850a3c0ffd09d51313c6ba221ea
- SHA1
  
  febd0241a654661c33ea22df99916b09ddc0819d
- SHA256
  
  548c10bf4dc44f6ba350be501855274c79340ee14a79af77c283aff11952d90b
- SHA512
  
  1f878a5c52f888e061d35ac3677a61701f65417495f71427446809c6a22926500f161fd2476c1f5932b15cd4d95d4bdcb87b3bc3095e3d601ab1366152194e2b
- SSDEEP
  
  768:jl+QXEIOQQD9jpq+Z3Bdef5149Yi5EeCWQzm1WGQV2sbswf/asi5456FWzw:joQXEIPQD9jpPJ4PuE/m1pszfZ8456cc
Score

1^/10
behavioral30
- Target
  
  Mods/Microsoft.IntelliTrace.11.0.0/11.0.0.0__b03f5f7f11d50a3a/Microsoft.IntelliTrace.11.0.0.dll
- Size
  
  1.6MB
- MD5
  
  05f19a4033fa9f7c640eb019b4f08260
- SHA1
  
  6c44c9a0738ec369fd488d3b0e6fd863cd0ab326
- SHA256
  
  b9a13097250b4ff126f2de7ea37bf070efc7a5f60539b29fcbc214e796ef8d7f
- SHA512
  
  7c24ca12acdbe0aec3f5769ce91ac75e87a70c12c3e491310b388ac5be32f4cdf4f02237808d48b193cf4ee7b861d0f5689cb91753a269b5ba55dd23391a7388
- SSDEEP
  
  24576:uk3BOB1mLgNcvq9KGjzI4lYPBlII8qzYB8rIG+ze/7VJCiPvz:uk3BO/mLgNcvq9RjzINMzeDnvz
Score

1^/10
behavioral31
- Target
  
  Mods/Microsoft.MSXML/8.0.0.0__b03f5f7f11d50a3a/Microsoft.MSXML.dll
- Size
  
  68KB
- MD5
  
  9d9b6ddbab38a89344eedb0880f8d702
- SHA1
  
  fa66113b905b9f530d34d19a2c7f4a9265bab5c4
- SHA256
  
  73458b47a3332b1178510cf29cf9f8690b088b384bda86743082d112b08fd1e7
- SHA512
  
  12acab9aea9685ecf23d8a2bd0d79daecea57517630081a292a5d798123035d403e77566ed5e1b03025fbb47d9aa90d12c074c6853ca8d67c8443c0c4159d11c
- SSDEEP
  
  768:7dI0WRVrfcYcndrjpIyfbszRn4m+bdGputSyMCx3By3nAbHiUmpZ1FtW8SbwFZA5:7dIfdfcYAfbM4RkyMCynA5C5xSuty
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Meduza Stealer payload

Meduza family

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Checks installed software on the system

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32