General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241031-lw8krawdkf
-
MD5
fd89c359ab4ac38da6cf7fe6dabdb457
-
SHA1
9c2a99beb692849ba3eb11d114334636df04f5ff
-
SHA256
a19257d178d7f240c830b29e8bb55d9b6320dc1b56795e4fa90267419ed4070c
-
SHA512
27e63d09f31a33bbaeae48bb64c3802623a20352657e218b04c0378e88a1b090629c85a09cce6f56a417abb12c1dc6f5cc8b7456c9c58bf05ffd33a0e2eb5904
-
SSDEEP
24576:mH7eZ9qb3yhIK20e6yaftS/h0lhSMXlEnuxl6XjxIp/jZKUSd5gnU+ZpdF:S7eZu3y+wsuxgXjCtj5Sd5Grn
Malware Config
Extracted
meduza
109.172.94.66
-
anti_dbg
true
-
anti_vm
true
-
build_name
Install
-
extensions
.txt
-
grabber_max_size
1.048576e+06
-
port
15666
-
self_destruct
false
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
fd89c359ab4ac38da6cf7fe6dabdb457
-
SHA1
9c2a99beb692849ba3eb11d114334636df04f5ff
-
SHA256
a19257d178d7f240c830b29e8bb55d9b6320dc1b56795e4fa90267419ed4070c
-
SHA512
27e63d09f31a33bbaeae48bb64c3802623a20352657e218b04c0378e88a1b090629c85a09cce6f56a417abb12c1dc6f5cc8b7456c9c58bf05ffd33a0e2eb5904
-
SSDEEP
24576:mH7eZ9qb3yhIK20e6yaftS/h0lhSMXlEnuxl6XjxIp/jZKUSd5gnU+ZpdF:S7eZu3y+wsuxgXjCtj5Sd5Grn
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-