Extracted

• • Target

    software v1.24 loader.exe

  • Size

    3.6MB

  • MD5

    cdb737ca563007eca0a4248f10127d44

  • SHA1

    b6e25b3cd664167a2869a6698a0f5a05de7f75ba

  • SHA256

    6699eb14a5ac8482f2a56a7d5856a9779aed92038726cc46f3b1d1847e9bd672

  • SHA512

    8575fea4e3bc70dd3f29c1c34224d61db7a191a8a47035b90a1915c54053b6cbcff10edc7d580abf2721005a194b53cd7ca428da18fd55a627b5c17ffe8288d6

  • SSDEEP

    49152:0QusxfsL8ICi+n3PJczHO/gEDkJKNEsZIdZjyV1AhDdTyp:5dp

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1