meduza | d30a1b9d067bac02d43e660d0c3924e44fb64becef529a86b9eb0799312d97be | Triage

Sharing

General

Target

d30a1b9d067bac02d43e660d0c3924e44fb64becef529a86b9eb0799312d97be.exe
Size

59.8MB
Sample

241103-elscfstnft
MD5

07185b28ac6e7b8a49d452ededb9a6f8
SHA1

2390ff463d4cb37799f46081f381fc7a8551a959
SHA256

d30a1b9d067bac02d43e660d0c3924e44fb64becef529a86b9eb0799312d97be
SHA512

7f8852e4b8db80c22370ee62d49c1e5871551dd7e4a0ab56d5f7e1479ba9dffc1a11e0a92318c139322663f1c9c287ac8e0aecd9e0d758bd4ca8ccb46cb6d937
SSDEEP

786432:L9T/j0+mSyv3+gc5ibDB28+oFwjvYKM289vy3TOZ34wWIN34:L9T/j1mSyvf28+u289l4u

Score

10^/10

meduza discovery execution stealer

Malware Config

Extracted

Family

meduza

C2

176.124.204.206

Attributes

anti_dbg
true
anti_vm
true
build_name
mounew
extensions
.txt
grabber_max_size
1.048576e+06
port
15666
self_destruct
false

Targets

- Target
  
  d30a1b9d067bac02d43e660d0c3924e44fb64becef529a86b9eb0799312d97be.exe
- Size
  
  59.8MB
- MD5
  
  07185b28ac6e7b8a49d452ededb9a6f8
- SHA1
  
  2390ff463d4cb37799f46081f381fc7a8551a959
- SHA256
  
  d30a1b9d067bac02d43e660d0c3924e44fb64becef529a86b9eb0799312d97be
- SHA512
  
  7f8852e4b8db80c22370ee62d49c1e5871551dd7e4a0ab56d5f7e1479ba9dffc1a11e0a92318c139322663f1c9c287ac8e0aecd9e0d758bd4ca8ccb46cb6d937
- SSDEEP
  
  786432:L9T/j0+mSyv3+gc5ibDB28+oFwjvYKM289vy3TOZ34wWIN34:L9T/j1mSyvf28+u289l4u
Score

10^/10

discovery execution meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

meduzadiscoveryexecutionstealer