Extracted

• • Target

    2024-11-06_3618438fe272a4c5105028c48dba124b_ryuk

  • Size

    3.6MB

  • MD5

    3618438fe272a4c5105028c48dba124b

  • SHA1

    82c373097aae026b9a299685b84ed80450a6d431

  • SHA256

    9277af2aca20333cd009cbb5ef9b74ade3b0dfba1b7f30d09f46e49c416bf6da

  • SHA512

    579d1dfa22d6478f9d2a0846925f23ca1dd925acf7bb33ce0206ebb974ec8726322f141b1b4c18dff1e10fd47d5594fc480d82f63b74869feebd7ab30bd3e395

  • SSDEEP

    24576:bw317sPycp8nCB3CpOVdLLe8fs6CZ9iVlsF5iVOP9OnAvG4DnZ4hB0+qnXlWxK04:bByPnIkeLLnMZvlZy0+tKvWt

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2