Extracted

• • Target

    software v1.24 loader.exe

  • Size

    3.6MB

  • MD5

    75b67e3ddf960879f0bfe4db7f2e61b0

  • SHA1

    323759fbb5a65c89351f8b0ac35c5e8c9e344b0c

  • SHA256

    37d10c32a5efe52fc00b976723dfd1eb1a1851e9cbbde5e49d6ba6d3e1848f89

  • SHA512

    17f3858651831973b733931ebc9c19f3b8356107af7328d90cc30373a294b8c17237f64ad04c0c906cc2b5519b390c23941397cadb347621c261f9b63d695c56

  • SSDEEP

    49152:0QusxfsjLFBjCUYamvmf6L7ePUZ94p/D3WoPt5Yg0O7Qzp:5pp

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1