meduza | ee3ee7281e5212dce46722ae11d7ee506227ec7d209d842c75ade53e526684fe | Triage

Sharing

General

Target

ee3ee7281e5212dce46722ae11d7ee506227ec7d209d842c75ade53e526684fe.zip
Size

26.0MB
Sample

241103-eqgfravbre
MD5

9145da7ac2d84060ffd315627fa69d86
SHA1

36f0579e7a7b5408fc10721178b636523e5624f5
SHA256

ee3ee7281e5212dce46722ae11d7ee506227ec7d209d842c75ade53e526684fe
SHA512

9d47cf599372ab0ad18f77fb9466b91a0ca44436196b5408469a6326e363a54d37c4a81e9af7fc1db4489c6c30c4d5abc634c1d12bd90bdad79425323259f9eb
SSDEEP

786432:YsDUI3UjdUb+AeA7yq56giZl0sqogAdqLaqtdG:vDSj++AyuDsq/AdquH

Score

10^/10

meduza discovery execution stealer

Malware Config

Extracted

Family

meduza

C2

176.124.204.206

Attributes

anti_dbg
true
anti_vm
true
build_name
mounew
extensions
.txt
grabber_max_size
1.048576e+06
port
15666
self_destruct
false

Targets

- Target
  
  Client/Client.exe
- Size
  
  59.8MB
- MD5
  
  07185b28ac6e7b8a49d452ededb9a6f8
- SHA1
  
  2390ff463d4cb37799f46081f381fc7a8551a959
- SHA256
  
  d30a1b9d067bac02d43e660d0c3924e44fb64becef529a86b9eb0799312d97be
- SHA512
  
  7f8852e4b8db80c22370ee62d49c1e5871551dd7e4a0ab56d5f7e1479ba9dffc1a11e0a92318c139322663f1c9c287ac8e0aecd9e0d758bd4ca8ccb46cb6d937
- SSDEEP
  
  786432:L9T/j0+mSyv3+gc5ibDB28+oFwjvYKM289vy3TOZ34wWIN34:L9T/j1mSyvf28+u289l4u
Score

10^/10

discovery execution meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

meduzadiscoveryexecutionstealer