meduza | 376cff4973894ab386aa8e788c5033189bacd66a39f9da1ae20ee18ced749ab9 | Triage

Submit
Reports

Overview

overview

Static

static

3

BTC-Stealer.exe

windows7-x64

8

BTC-Stealer.exe

windows10-2004-x64

BTC-Stealer.exe

windows11-21h2-x64

Sharing

General

Target

BTC-Stealer.zip
Size

382KB
Sample

241116-znv7catejc
MD5

141d9e658058d8ddb0eca02b8272df07
SHA1

ee76a26dc206a622e046d232632987fc1a3b4a9b
SHA256

376cff4973894ab386aa8e788c5033189bacd66a39f9da1ae20ee18ced749ab9
SHA512

46f1631c4212ae7e63723a57aac2cbc50935dc7a6e10db47aa94128822a03f49c54821c88b4f77f92d6a7e1886012c5393c89af77b279d09fab3f8a92820c161
SSDEEP

3072:FaGF999ZnBvhvL2hgweyrQr0dbqYFbXZrA3Mam7cHZYJ0r4wAEXZ0s:MWJvZ+eKQr0dbqYF+n1Ua4wAEX6s

Score

10^/10

meduza collection discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BTC-Stealer.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

BTC-Stealer.exe

Resource

win10v2004-20241007-en

meduza collection discovery spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

BTC-Stealer.exe

Resource

win11-20241007-en

meduza collection discovery spyware stealer

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

45.130.145.152

Attributes

anti_dbg
true
anti_vm
true
build_name
Work
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  BTC-Stealer.exe
- Size
  
  201.3MB
- MD5
  
  de367e953006531022f59c6c3700e4b4
- SHA1
  
  ea0383a88ba077c29cfbbd5c14ffc03497d0fea3
- SHA256
  
  3b3e5cd21b9ee308ce4a04e1a7a1f0f2c5f44fc6633300b57bddd3ffa41a04e3
- SHA512
  
  a043571e267131eded7a04f9221e8cb8f5ba7608fadf2a48bed6fc2ab5f98a157ab375bff4c342755dad64e994cc545c07fe919f1e52c649a640f1f6019f41ab
- SSDEEP
  
  6144:SitPBXe1j1agJRe6qTF38D6t6HTOJcmhrf:SuBmagJRe6qc6t6z2f
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

meduzacollectiondiscoveryspywarestealer

behavioral3

meduzacollectiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy