Extracted

• • Target

    2024-11-06_5024f2c3f11375e0893ccda0e04ebfdd_ryuk

  • Size

    3.6MB

  • MD5

    5024f2c3f11375e0893ccda0e04ebfdd

  • SHA1

    268d89984d7aec9a4d81dbb4a0b211acb2017a38

  • SHA256

    349bbccc9d601af30dfcc8cf9b33ecd4eb403b6e1056a72a6838b673c056b0b4

  • SHA512

    62a0c35ede5ae23e40383727fc0a2ff54037464bf61ce5bdf3b78002ed3272733f38e0e500759546ec791bfc73b8aede6ec8c881d6ed0c9655a9cb658eb03569

  • SSDEEP

    24576:bw317sPycp8nCB3C5yqUwIdD0deu1oAf/4Z0sRTfRkmOWJjdpQVcz/1/CtLnEBE4:bByPnI7NUf/uRTJXz5p/MjoLIa

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2