meduza | cc9c73aac9f1c82c39f84f29d4509cfd439f45fa4685ca4e15b6e4af7db13925 | Triage

Sharing

General

Target

cc9c73aac9f1c82c39f84f29d4509cfd439f45fa4685ca4e15b6e4af7db13925N
Size

2.5MB
Sample

241106-2awl3a1pcj
MD5

628e890bda2ac6042c811f60f819e130
SHA1

39fb4ef585197107f3418228e490529b98249054
SHA256

cc9c73aac9f1c82c39f84f29d4509cfd439f45fa4685ca4e15b6e4af7db13925
SHA512

32a04101f317f39e9c9fd4da22aa793c2f990898644c751457499f58ad51a439afdb7ce99d850950216a9d83fdbf996e65bcf3277b7c91230e8f75f7266a2b94
SSDEEP

24576:yCzGVH7Och0lhSMXl7+wzJ+EZ+e/qLH4aDtSGSVBK0pQos:yMGVbo6bu/qLpgGSTpp

Score

10^/10

meduza stealer

Malware Config

Extracted

Family

meduza

C2

109.172.94.66

Attributes

anti_dbg
true
anti_vm
true
build_name
SEO
extensions
.txt
grabber_max_size
1.048576e+06
port
15666
self_destruct
false

Targets

- Target
  
  cc9c73aac9f1c82c39f84f29d4509cfd439f45fa4685ca4e15b6e4af7db13925N
- Size
  
  2.5MB
- MD5
  
  628e890bda2ac6042c811f60f819e130
- SHA1
  
  39fb4ef585197107f3418228e490529b98249054
- SHA256
  
  cc9c73aac9f1c82c39f84f29d4509cfd439f45fa4685ca4e15b6e4af7db13925
- SHA512
  
  32a04101f317f39e9c9fd4da22aa793c2f990898644c751457499f58ad51a439afdb7ce99d850950216a9d83fdbf996e65bcf3277b7c91230e8f75f7266a2b94
- SSDEEP
  
  24576:yCzGVH7Och0lhSMXl7+wzJ+EZ+e/qLH4aDtSGSVBK0pQos:yMGVbo6bu/qLpgGSTpp
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2