meduza | 6fbf227c5d4c713d0621a8045ee4e232094e84354b0824ae2ef0e9694e09b3f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-11-06...uk.exe

windows7-x64

2024-11-06...uk.exe

windows10-2004-x64

Sharing

General

Target

2024-11-06_97157c0cbe3762ec9b2515571f8c2265_ryuk
Size

3.6MB
Sample

241106-rzw9sa1mdx
MD5

97157c0cbe3762ec9b2515571f8c2265
SHA1

8544ed5273f6666654bca48fd413602a68f66e53
SHA256

6fbf227c5d4c713d0621a8045ee4e232094e84354b0824ae2ef0e9694e09b3f1
SHA512

194d7ecbf31695e75c065e711cac5526861e54782fb5d42bf85eafdf7984cab056d6f7ac3c961003f5b0286626afe95d90a1db01153523de38bde328e55d76ae
SSDEEP

49152:bByPnIG49AmfFxCXmoOiXXgPwZfv2vl+hG/exfF:

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-11-06_97157c0cbe3762ec9b2515571f8c2265_ryuk.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-11-06_97157c0cbe3762ec9b2515571f8c2265_ryuk.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

89.22.239.174

Attributes

anti_dbg
true
anti_vm
true
build_name
mounov
extensions
.txt
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  2024-11-06_97157c0cbe3762ec9b2515571f8c2265_ryuk
- Size
  
  3.6MB
- MD5
  
  97157c0cbe3762ec9b2515571f8c2265
- SHA1
  
  8544ed5273f6666654bca48fd413602a68f66e53
- SHA256
  
  6fbf227c5d4c713d0621a8045ee4e232094e84354b0824ae2ef0e9694e09b3f1
- SHA512
  
  194d7ecbf31695e75c065e711cac5526861e54782fb5d42bf85eafdf7984cab056d6f7ac3c961003f5b0286626afe95d90a1db01153523de38bde328e55d76ae
- SSDEEP
  
  49152:bByPnIG49AmfFxCXmoOiXXgPwZfv2vl+hG/exfF:
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy