General
-
Target
7aaaf5fa8e2f99f4797e46fb7c2d61194ae5dc0fb6a1405ff3ca095e470999b0.exe
-
Size
1.0MB
-
Sample
241115-c6jjya1lgj
-
MD5
7718d813b9f30a72b09f51b9a1821dde
-
SHA1
f2305f27f25cbff9282ebc3fdb000a16a17f95bc
-
SHA256
7aaaf5fa8e2f99f4797e46fb7c2d61194ae5dc0fb6a1405ff3ca095e470999b0
-
SHA512
4a695853308176a0737a264862fc113e149038cf5306f59f977eb9c3bd2f6e2b2677705b90932a9250573f21f32aa3f4707622a5b080ec76cdb117abb848a1f4
-
SSDEEP
24576:dcqk8HBoh0lhSMXloTEJlsxiw5qS8YmC3D6ZtEyF:av8H/4TEbsoIT6
Static task
static1
Behavioral task
behavioral1
Sample
7aaaf5fa8e2f99f4797e46fb7c2d61194ae5dc0fb6a1405ff3ca095e470999b0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
7aaaf5fa8e2f99f4797e46fb7c2d61194ae5dc0fb6a1405ff3ca095e470999b0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
meduza
45.130.145.152
-
anti_dbg
true
-
anti_vm
true
-
build_name
Work
-
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
-
grabber_max_size
4.194304e+06
-
port
15666
-
self_destruct
false
Targets
-
-
Target
7aaaf5fa8e2f99f4797e46fb7c2d61194ae5dc0fb6a1405ff3ca095e470999b0.exe
-
Size
1.0MB
-
MD5
7718d813b9f30a72b09f51b9a1821dde
-
SHA1
f2305f27f25cbff9282ebc3fdb000a16a17f95bc
-
SHA256
7aaaf5fa8e2f99f4797e46fb7c2d61194ae5dc0fb6a1405ff3ca095e470999b0
-
SHA512
4a695853308176a0737a264862fc113e149038cf5306f59f977eb9c3bd2f6e2b2677705b90932a9250573f21f32aa3f4707622a5b080ec76cdb117abb848a1f4
-
SSDEEP
24576:dcqk8HBoh0lhSMXloTEJlsxiw5qS8YmC3D6ZtEyF:av8H/4TEbsoIT6
Score10/10-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-