Overview
overview
10Static
static
10Crack.exe
windows7-x64
10Crack.exe
windows10-2004-x64
10WindowsManager.dll
windows7-x64
1WindowsManager.dll
windows10-2004-x64
1assets/Tap...er.dll
windows7-x64
1assets/Tap...er.dll
windows10-2004-x64
1assets/WSe...in.dll
windows10-2004-x64
5assets/Wpc...el.dll
windows10-2004-x64
1assets/WsUpgrade.dll
windows10-2004-x64
7library/AR...et.dll
windows7-x64
1library/AR...et.dll
windows10-2004-x64
1library/Autofac.dll
windows7-x64
1library/Autofac.dll
windows10-2004-x64
1library/Ga...rm.dll
windows7-x64
1library/Ga...rm.dll
windows10-2004-x64
1library/Ga...ht.dll
windows7-x64
1library/Ga...ht.dll
windows10-2004-x64
1General
-
Target
e4b3eb482bd3d7c29067eacd1e52a0256e49cc1560889822f81f34202c6bd6e5.zip
-
Size
1.7MB
-
Sample
241115-nmq1fstcrk
-
MD5
04e9cdc7c6495536c01624fe0c9050fd
-
SHA1
fc6cfce674b7735c5ba1dc9f0f613555f1d23334
-
SHA256
e4b3eb482bd3d7c29067eacd1e52a0256e49cc1560889822f81f34202c6bd6e5
-
SHA512
6f5ffbc6efad0e49d14dad8bf653b746491186f760fb13cca2ecd573ceae8cff5c3e16185b022d5c75819d90af64a5b515eb7f1649d26fbd55a3c0c49af2e19e
-
SSDEEP
49152:p2b1O57sp9A1nCh0Dz2oTtfS0b8D+7uSdKWB:J54pF1ojsWB
Behavioral task
behavioral1
Sample
Crack.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Crack.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
WindowsManager.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
WindowsManager.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
assets/TapInstaller.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
assets/TapInstaller.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
assets/WSearchMigPlugin.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
assets/WpcMigration.Uplevel.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
assets/WsUpgrade.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
library/ARSoft.Tools.Net.dll
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
library/ARSoft.Tools.Net.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
library/Autofac.dll
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
library/Autofac.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
library/GalaSoft.MvvmLight.Platform.dll
Resource
win7-20241023-en
Behavioral task
behavioral15
Sample
library/GalaSoft.MvvmLight.Platform.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
library/GalaSoft.MvvmLight.dll
Resource
win7-20240708-en
Behavioral task
behavioral17
Sample
library/GalaSoft.MvvmLight.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
lumma
https://servicedny.site
https://authorisev.site
https://faulteyotk.site
https://dilemmadu.site
https://contemteny.site
https://goalyfeastz.site
https://opposezmny.site
https://seallysl.site
https://forbidstow.site
Extracted
meduza
45.130.145.152
-
anti_dbg
true
-
anti_vm
true
-
build_name
Mazti
-
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
-
grabber_max_size
3.145728e+06
-
port
15666
-
self_destruct
true
Targets
-
-
Target
Crack.exe
-
Size
2.5MB
-
MD5
713454ca909efaf3a83b636423a6c248
-
SHA1
6c197870b9646b90f5b55bdcd4cfd07019864e98
-
SHA256
9d1701e0510ea2a76a1292999d89627ba30384bcb7eacc3000e331ba728bf8ad
-
SHA512
8a31b7fdfe7a4d1c21f7af401e14c7ae7b420e66bab2fc8310c1341fc8b559a80a12b6b3fb1544358f1e505eb931e466abdf1bd3289618846c4a9167b789a80b
-
SSDEEP
24576:xf2KQ7MvYPh0lhSMXlJu78bG8AQs7QZqxwB42EyuzCBorM5c9ech:tpHvZM78b9Ab7aTEZzwoN
Score10/10-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
WindowsManager.dll
-
Size
433KB
-
MD5
5b7211145cb919b8cac505949d35caa8
-
SHA1
6373c7181bfc64cf140630219db2aefbca2c9f62
-
SHA256
29363cf4cd506dcfbfa2f3d954e2130b85db8068c0a8acae7982a6f1fa657c90
-
SHA512
b553730dc97cfa5e3e920b2484d157757539c7728c693bbce189f911deb5e3697c12eb4bb847d714fc8f83bf481245574ded807e88317b2dd039c97a71384571
-
SSDEEP
12288:CI11++JcRZtddofKKrzHPJ3ii0bL7E6t7y22a:CIKRZtddoPrjR3sP7RtuS
Score1/10 -
-
-
Target
assets/TapInstaller.dll
-
Size
25KB
-
MD5
9cac1ad2f768d22e4aaae577097df7f3
-
SHA1
b059d99cdd50c46948bd6e4ac264c2fe53169b22
-
SHA256
9c050c82c065fe5e7553e73393e59d0b3ca3372e6d590d6eb074b014dab0ea78
-
SHA512
22d59282a9b2aab81884ad1b1391c16755e895b2b79466fc163f30a8e9035498b371781ea0fab40b6e79313a9a54fe90b8903ecb8ad29471eebd02ce269a0be4
-
SSDEEP
384:hxB7Wf+NkjZwWqXteRRUUmi/6XLNrtMQJK2+Katf5kKFKjqfvGBkSG00:/kjSoghrW29skKFKcMkP00
Score1/10 -
-
-
Target
assets/WSearchMigPlugin.dll
-
Size
134KB
-
MD5
b74eb945013d95409a3e071c4029cb02
-
SHA1
d087775c3f00e9c27842cc44bcb27c0f334a865b
-
SHA256
2bdbbd40df3b199cd8ebfc359be451971527e602ab999e23fae524f8edab0ef1
-
SHA512
3c1e8d24a4d0eadec0beb7c3288bbb290d018ddaa104df9e65db0de0d7543ab77c4139de6b20382925e35bb1ee303dca12b2ea418770c70dde33f26be06a1c48
-
SSDEEP
3072:PBBD02DY32F5K7lxgtRx3aHCHGA+48xgJJ5x5N3DPZtQ68f69ru:PBBD02U32F5K7KRxKiHGAP37QXfS
Score5/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
assets/WpcMigration.Uplevel.dll
-
Size
231KB
-
MD5
c92661b900b934ce4e4b7d047aba74e5
-
SHA1
abf1d9b1058fb1f14a091985bd3fa3c2e9140702
-
SHA256
85302fc70223988f2e94c5b443afe8c95f73695f60778bdc8cd5e1316a701841
-
SHA512
34921fccfc07d4080c22d7ff056e92df2bfee61f82212501c9c86d532131c43b2b3655e101439396b887a53180159cb372b222e649bcd7d48ed9952df0a22f6d
-
SSDEEP
3072:aqJFmRDHgpg2Ri14Myz56tvi8UKLBWAUG/+vufW4369gNbv6K9kd+GAmA8C/y:a0otLkMVizsBXUi6qNdkd+GAmA8
Score1/10 -
-
-
Target
assets/WsUpgrade.dll
-
Size
201KB
-
MD5
9d99b0e88cc4eaa43141dea9e31ed3be
-
SHA1
442e48476650e97cfac8e8088a7315b9804be0c1
-
SHA256
061de26f44da62a17eecb71f078ef90a9c8784e7c58500984314c74b32c12e46
-
SHA512
2a0cd7adf67e535cf4a40988d6da4ee69970694875504ea7f7e68cef19e01675557bd3021d867c2bb837d1c3e8287d710259c921967324255c53d0351c6d48df
-
SSDEEP
3072:a0qV+qDh/7k8Rr92ZSbTP6c27UxDOUreaNQbmOhG7/tfxvharBjnt:a0qVHV1IwTPrFtOe/tzarB7
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
library/ARSoft.Tools.Net.dll
-
Size
302KB
-
MD5
452def66509f01d15b43e4c57176d1d8
-
SHA1
fb3438a1b191fb75c76d22023c3478a585756463
-
SHA256
f1fe59774bf1fd914aea33459631837569d78e2c1a68d8c544cb498fcdbbef10
-
SHA512
c5ded39b6f8961bf9e1b77fb07fc41ac321f2e5b9e7a0c4d3a55cf7debb483384b51a8abade6edb9601ea2871cfba65886582cceefcc5010f45c819ec30c625e
-
SSDEEP
6144:/AUw1rf4dPEliWDLdQCc88UviewobzUY+GsKAZ:qbiy3Zc88UtFfU
Score1/10 -
-
-
Target
library/Autofac.dll
-
Size
236KB
-
MD5
f879f97c67c2d03cd47bb7ab1e6dfd51
-
SHA1
a65ec6943e9eb3ca7001f7bc310475709a949d08
-
SHA256
02c445f70273eff02d30055c83e77ce7434dd24f6da485b0231e88b2675795dc
-
SHA512
882db30f98796339a610ce5e5ddd8ad161e231fdd75c5ebd3e552fbb44a618faa09904b01c7c7dcf5834a350a2170c516838bc5de363a89a3a01bb6e0171970a
-
SSDEEP
3072:g36EQo/nAmrSwxl6g6o9We/Bwdc2lSG+qR/EWJS6A6g73yRhxgByGP/aw4cQSOhZ:gBclGKpT6zbcZAhdPSVuoxnBDPTS
Score1/10 -
-
-
Target
library/GalaSoft.MvvmLight.Platform.dll
-
Size
23KB
-
MD5
99a0483ce79d57b52b6a1eacd5f86a12
-
SHA1
443fc60ab490eefea76859cd263fafa15fed26a1
-
SHA256
16a051d25e5256348affa9f64a0919f69efd860c8fd3c3b28cea0a9fa126cd4f
-
SHA512
977719f32b0a4bd10f584a0ee82e7c69664a2a75533f1a3c7799eb89bd5d7c98cece830538372fb7e2263f3c99942ada1e90de50e0ba0e59dfacb8ab8e66d20c
-
SSDEEP
384:2KKUx+mQv787wr/igP39cVT0ojR97dKRSX8iPyZA3gs/bHMQJK2+KatfzNKFKjqI:DKnW3g/oTZjR97dJXTPyA3gs/bk29+Nn
Score1/10 -
-
-
Target
library/GalaSoft.MvvmLight.dll
-
Size
50KB
-
MD5
0fe3d6671024ea3d78aa18dd5adfa613
-
SHA1
3dfdfa5a20c3ded2908198c85aa04b9dae024441
-
SHA256
3baba32bdbcd1f2e715724e41ad97878bdb9fb7b7f85dfadc2f98d6cd68932fb
-
SHA512
84b7a7104ea5cce7c713c6bc2e8c686a684b78fe4949367db6652d285d3d01ebe594070cc993456fac9a21ac2f7a39180ecaf6013d674fce4e42206d0c1c6c55
-
SSDEEP
768:5nVF+heuJxTH6yaDSpAyYZbT0gJHTCNQYRWCiD5MaIN7UAifpzNJ2Ox/KpEsD+KQ:5VKLY5T0gUNQQiltEifpv2sCWRyIr
Score1/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1