Overview

overview

10

Static

static

3

Gdswt46g.dll

windows11-21h2-x64

1

gsdr3y4.dll

windows11-21h2-x64

1

setup7.0.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup7.0.zip

  • Size

    1.3MB

  • Sample

    241110-al6smavhnf

  • MD5

    caf07843d0eec5fd5d9b131256361752

  • SHA1

    1ce0acf5f2b521752440ce6d1c108a365a1dca50

  • SHA256

    abdc12b4bb4b9a7309bc067be6b097a4e11b0dccbf19494edb971b510303c923

  • SHA512

    b72e81797f4d3264b12675e2d35c56d76ec9110c3814776068d23a51c5de20ed3bd0dd414fb3f0564633b408dc040eaf8407c5e319df7014c9249e5fbaea2839

  • SSDEEP

    24576:kmmVkxtlqjBxiFJJ6VmNNvDcyxE1kzZefVInqEOOUy5d2DWu2vpL/tVH5fCA:kmms7WBx+JbNoyxmkzUtIDOOUyuR2h/t

Score
10/10
meduzacollectiondiscoveryspywarestealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    153

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      Gdswt46g.DLL

    • Size

      12B

    • MD5

      dc72bdebf3016a463eb4e209af1aefe1

    • SHA1

      9bde7acc8b748a89daee4d756fa57ce3007e82a9

    • SHA256

      472e48643c0b957bb7c612448330f07ce0cb71e14541c6b0b9ce789bc82e91da

    • SHA512

      de6999ebc8dd931a4417c6861e36127a6b7caca1543f1db94eb90c3624045ee57398d2fb1a4841e0647ac0191ab41a04d6dc8642c7f1b888743a03a985c65ea5

    Score
    1/10
    behavioral1

    • Target

      gsdr3y4.DLL

    • Size

      128KB

    • MD5

      d4a3019fba1509a1e1faf0115b512c84

    • SHA1

      cc85bc0017e4e20387c8dd0b1eaff31a5ddb473a

    • SHA256

      563062fd6c6a2a84ebe6e35e9bb045ef1bc240cdcd20dc557c1957e80ccf932c

    • SHA512

      1505c567b1333a02eea5a5356ec0878c87461c22272ea693e651040df59f0677f784248f67c8d5f293be25b746596112bfed61921d6e640887f0955aab23776c

    • SSDEEP

      1536:cdZTYMYIKPRhJjRn4udcdugdKBH0g01+gZrxtQQzQeWV9JhtgTKzMyLL/gB:ai7ImJjeudccg00gA+AxtErtZvLjY

    Score
    1/10
    behavioral2

    • Target

      setup7.0.exe

    • Size

      1.7MB

    • MD5

      2c685fc5572fee6107d76c17fa873a45

    • SHA1

      05436164ce59ab80e0bcae7aa779b2426866446e

    • SHA256

      f585f729ebcdaf7a70e16690398cca0036d1dd4c398b4044004e7ab0ccc6bf56

    • SHA512

      6bd9fbf04c75c0a6a07846233e5cb31f7f8373f3bd2fc62f70f27c34d37d640d80647ca980530ba99d77586a954c73899a257e1dc2e422279a0c46f69e2107e3

    • SSDEEP

      49152:Fbo95a6iGYqDAtQRcsZT6jgLUcSEubOJE5eo55iRQ6Uoy:SDAtQ+sZ2jgQc7Cwk55i3

    Score
    10/10
    meduzacollectiondiscoveryspywarestealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks