Overview

overview

10

Static

static

10

1628-0-0x0...ry.exe

windows7-x64

1628-0-0x0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1628-0-0x0000000002130000-0x0000000002273000-memory.dmp

  • Size

    1.3MB

  • MD5

    b13bc45da3db758999919c48f452eebf

  • SHA1

    368d967a6d7c0b03139fb0f93f011aab910d107e

  • SHA256

    54a1085fe1128158414e5d89e71ada8270fb87c07163e6fb2eceaac66cb7af48

  • SHA512

    6ea150fb28d742837c941ba38e862c8db2b05bee9117ba42cdfe8bf378833e4372833bdde649349801a01f107b7466f72b5aafc3490afe7f092988006c6ead85

  • SSDEEP

    24576:lqKFWNKEKlzS/Zk8pkKO/9KEwdwcvRSRmwiwh0lhSMXl/GD0r:ONKEKlIZk8pkKm4dwcvRovie

Score
10/10
meduza

Malware Config

Extracted

Family

meduza

C2

176.124.204.206

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    kapitan

  • extensions

    .txt

  • grabber_max_size

    1.048576e+06

  • port

    15666

  • self_destruct

    false

Signatures

  • Meduza Stealer payload 1 IoCs
  • Meduza family
    meduza
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1628-0-0x0000000002130000-0x0000000002273000-memory.dmp
    .exe windows:6 windows x64 arch:x64


    Headers

    Sections