meduza | 6263911d40e3d843511192a749df5a15baa22c458b508917bdd42fe789a82117 | Triage

Sharing

General

Target

SecuriteInfo.com.Win64.CrypterX-gen.23557.8276.exe
Size

1.8MB
Sample

241102-xcskza1rcs
MD5

bf5fa99ac2a1f544d9be836d348c1573
SHA1

73c9c098b1543ba66496c7e05698cf90b7fd633d
SHA256

6263911d40e3d843511192a749df5a15baa22c458b508917bdd42fe789a82117
SHA512

da4509edf73656f8c4bc396df9d4fe6d35b527e7205dbb94025d04875db7635a569a041125785d7d4a9cceef794ddeed4b6d9bea202eea030ff818bccf3e1029
SSDEEP

24576:7E4BJcvtGl5dN1JPzl2TFh0lhSMXl1M9u+++4zA+V/F6D6uJ1/ORnnrU:o4BJcsVfm9uHaa/F06um

Score

10^/10

meduza stealer

Malware Config

Extracted

Family

meduza

C2

176.124.204.206

Attributes

anti_dbg
true
anti_vm
true
build_name
hellsingnew
extensions
.txt
grabber_max_size
1.048576e+06
port
15666
self_destruct
false

Targets

- Target
  
  SecuriteInfo.com.Win64.CrypterX-gen.23557.8276.exe
- Size
  
  1.8MB
- MD5
  
  bf5fa99ac2a1f544d9be836d348c1573
- SHA1
  
  73c9c098b1543ba66496c7e05698cf90b7fd633d
- SHA256
  
  6263911d40e3d843511192a749df5a15baa22c458b508917bdd42fe789a82117
- SHA512
  
  da4509edf73656f8c4bc396df9d4fe6d35b527e7205dbb94025d04875db7635a569a041125785d7d4a9cceef794ddeed4b6d9bea202eea030ff818bccf3e1029
- SSDEEP
  
  24576:7E4BJcvtGl5dN1JPzl2TFh0lhSMXl1M9u+++4zA+V/F6D6uJ1/ORnnrU:o4BJcsVfm9uHaa/F06um
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2