Overview

overview

10

Static

static

3

Crosshair-...-X.exe

windows7-x64

10

Crosshair-...-X.exe

windows10-2004-x64

10

Crosshair-...ler.js

windows7-x64

3

Crosshair-...ler.js

windows10-2004-x64

3

Crosshair-...ew_.js

windows7-x64

3

Crosshair-...ew_.js

windows10-2004-x64

3

Crosshair-...ler.js

windows7-x64

3

Crosshair-...ler.js

windows10-2004-x64

3

Crosshair-...der.js

windows7-x64

3

Crosshair-...der.js

windows10-2004-x64

3

Crosshair-...een.js

windows7-x64

3

Crosshair-...een.js

windows10-2004-x64

3

Crosshair-...get.js

windows7-x64

3

Crosshair-...get.js

windows10-2004-x64

3

Crosshair-...get.js

windows7-x64

3

Crosshair-...get.js

windows10-2004-x64

3

Crosshair-...get.js

windows7-x64

3

Crosshair-...get.js

windows10-2004-x64

3

Crosshair-...dow.js

windows7-x64

3

Crosshair-...dow.js

windows10-2004-x64

3

Crosshair-...x.html

windows7-x64

3

Crosshair-...x.html

windows10-2004-x64

3

Crosshair-...-X.exe

windows7-x64

3

Crosshair-...-X.exe

windows10-2004-x64

3

Crosshair-...ler.js

windows7-x64

3

Crosshair-...ler.js

windows10-2004-x64

3

Crosshair-...ew_.js

windows7-x64

3

Crosshair-...ew_.js

windows10-2004-x64

3

Crosshair-...ler.js

windows7-x64

3

Crosshair-...ler.js

windows10-2004-x64

3

Crosshair-...der.js

windows7-x64

3

Crosshair-...der.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Crosshair-X-Crack-master.rar

  • Size

    5.0MB

  • Sample

    241117-rhz94swlfm

  • MD5

    e6e9c6740971a9f7340d558c89d2661c

  • SHA1

    e01a411521db957cd96d0758214145b50a60728b

  • SHA256

    788a4eea7277e8285060d1f1944160ff40c3b94bf10fb03f05e899a34c50b0a8

  • SHA512

    56450dddee00f9ee3f14f57a804f916f7d966f3500baf9bc47379e60f47a31ee1c049bade96d981fe4bd1fc8fc77cb1357da347a2588d2aa14246c56e31a1ee5

  • SSDEEP

    98304:v114GVW2eWHspYxouoO1+MBGKeKe3UEel1YyHXKzw71/23Ep9ptLgeMcAp8gsGQN:v114J3WHsGjjGoEIN1/eK/FqLpY

Score
10/10
meduzacollectiondiscoveryexecutionspywarestealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    665

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/Crosshair-X.exe

    • Size

      4.1MB

    • MD5

      b3450b609d12e41f5e7482b7fcecbaf1

    • SHA1

      99e91e22ff71e651cb6453437d15dae74f3d9c8e

    • SHA256

      ab76439d232ce9d53c8de49a5546c63666a4327fcb49477a8ae3dda69653e928

    • SHA512

      f6dab8b9bda25aa2d1ba9062ec9c9bd38f27a7835bb4af9d629c7b9ec6c0928dc50310a107694e97c60c189ddb2558e604693fc2a11da1307c96a3752ef0c279

    • SSDEEP

      49152:qxGK0l3e3uxB6FwwtJzPOfvjO9k4FgU4f/DRlP/ABnIhCqoaIR+Z:qxGK09yuVZ

    Score
    10/10
    meduzacollectiondiscoveryspywarestealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/app/modules/news/controllers/news_controller.dart

    • Size

      1KB

    • MD5

      9cc308112ebbf90fbae523f317fe5549

    • SHA1

      f3e377926f8ecc616d24802a4397f3771a4e5bd3

    • SHA256

      cf65e71fd75f717336de6501f17c081fae496cd70893de8454317e3723a9eb6b

    • SHA512

      67e762d6498567f0720acdd99133029723f45e122792cb00bbdb7d958555785e6ed104c9ee77918c7db73ca9359e29d3c445172168824dfedbda0ac93cca6c0f

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/app/modules/news/views/news_view_.dart

    • Size

      6KB

    • MD5

      a8c703f3e2544e279f76595a9944c2e7

    • SHA1

      696828425778f80aeecebc45d7ae784c933b78ef

    • SHA256

      43b27bf0b47bf8334beef65765b0df233f0751fef0adfd7f232e07ddc6182cf1

    • SHA512

      237fca401df4a7bfc321a6e16ac98f60764ed88fb93f2568fdc2d889a4de495256d5a7df94d84d755c10fb50306b3c6a885117f2a07e9e1cdaed44b0a4f5fe46

    • SSDEEP

      48:XqjtUunPBJavlKZwlRID2SkhZEkwe2C24a2zc2IO2af2v2qz24DmIb+R9/Hz+H1R:XkBJaquIDGhZEkwMdcvTIR9/0vUQj

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/app/modules/profile/controllers/Profile_controller.dart

    • Size

      620B

    • MD5

      a6a436d86514ad674e214ae0101fd7fc

    • SHA1

      c1150cac1b48a3a3d86ea11f2cc5fcbb177cd191

    • SHA256

      eba89f5269d8e85344aacfaad3fc6c025c3175e3c2625d274a2fa12be6cafeaa

    • SHA512

      a2503a936126ffe85e7d520fbff9c20874b71269b9dbe805bb083ec4ac0eea47ececcf559659ac5d076722382f67e50813cdeb7d030bb99bca2f03b08ec3fcd7

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/provider/auth_provider.dart

    • Size

      2KB

    • MD5

      124df5912a05df48f15d433d4525296b

    • SHA1

      1a338690ff17d72e14a1c2117b2926918f19f383

    • SHA256

      76aaa69023efea67fc92f7131f984df4c1d00c3e41cfcfa96492f6d0efb5bd7e

    • SHA512

      2a13baa24bc6762ad4c7cb874efee63b7fe7c588b1401774c27b7df063d96600868e05bfe95d8f2592d30ee2e7d08a12869b85327b39cde8c87afe22ebb96171

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/screen/login_screen.dart

    • Size

      8KB

    • MD5

      319538d10d4e547074cbb221c2c4eb9d

    • SHA1

      7b6b85885e5038fdd89e5244db8562554f84bd8e

    • SHA256

      a32e8dd794f332e175a689a8b53b2d3d178396b7c2274b7e5607a142dd2543a7

    • SHA512

      c9998977626c747bd455e77453db52fd66682b7f3d8ba245bc46cb2f6aceac506e723c8d702ccc5bd74aafee8666aac61c8e1649af95296e118b1711ad4752e3

    • SSDEEP

      96:5aobJgPuFHuzw2TTklyy0UTwqo7IAFBzgAkqDzUl6kU49iH48R4T:5aobJCzw2TolNfTw37hBzgwDzs6kBig

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/widget/imgpick/imgpick_widget.dart

    • Size

      902B

    • MD5

      9f286c936430d538d924e2d857e76f8f

    • SHA1

      abf3897f78783fbcdc7bebafa89b3e9113c4a549

    • SHA256

      ec28cbbbdd417b614c27c2a728dcc7872ed53ddc8382606fa59d18f8b587e5ff

    • SHA512

      bbdeb84f93b2dddd1c31accb26ba07513b5ab07fb9a3d39bd7cb946261dc04d18a363c92f3d3424bfeb1302e0bcfd22a9d82f69a7acafc53ea48ad320ecf103b

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/widget/textfield/textfield_email_widget.dart

    • Size

      1KB

    • MD5

      9248a023e113894582f55169caf4e264

    • SHA1

      58f3e32c8c2719f9d745aadc24a47249c3d3b8bb

    • SHA256

      ad7090a61c90bd5447158a024ba54bb5d2e0a179c662b48311bb8596733e7d36

    • SHA512

      831b85f5a61950b332681f9b4250be9c9492998f4687f4eb256e71cd6a637f8cdf723a7bdf9adb50aae45c13076a3d030bb621e6b2df1d5f5e864b537d3871eb

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/widget/textfield/textfield_pass_widget.dart

    • Size

      1KB

    • MD5

      deec46636ca5049fd836457090307ee9

    • SHA1

      9f80a561491410a3fceea9e7f6bb23669c29c51f

    • SHA256

      697ea0bf194bba6ff11fcd6f4f8d354b14d00d27ba87cf2215d232d5fab0a996

    • SHA512

      97a79ed6959b4946e946d776f32f8575ab50fc5b177cd0146f56d95e428c1254e37eca095452451a4af584ca2bdf81baeda3534f8b83941f4ca7370375a4f783

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/macos/Runner/MainFlutterWindow.swift

    • Size

      388B

    • MD5

      4a747b1f256d62a2bbb79bd976891eb5

    • SHA1

      a69f4859b6b5950e1f8f39867ea784d4e8eb61a1

    • SHA256

      65c9613c11bcedfa51416b16c975d8ba6ff12b405fc19d60db8755d92e86d9fe

    • SHA512

      a0cc02c97f67d7416cf4bb53d633d715b0bde43648c076d4160bfaaf10352dbf2bbf2e014c86ed929771d53e179d92863fb907f54a2bb0a5848e2ad65845eabe

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      Crosshair-X-Crack-master/Crosshair-X-Crack-master/web/index.html

    • Size

      1KB

    • MD5

      d1f3189eb4999ae4d9385df1343caa7a

    • SHA1

      03b10b563457fd9f0f269bf14d14d3ee666166c3

    • SHA256

      78a5158d848bbbad0575ece573c2c302f0b35f9a352fb2c46b0658ca8522e2eb

    • SHA512

      6ff82f2aeda2c3b4a65076b87c0638d4aa2c2b45c894f7e4b218aeed740670c096ed78b87582050ada01d447ff940e50629d2c44dba693e456c6feede6da82ad

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      Crosshair-X-Crack-master/Crosshair-X.exe

    • Size

      2.3MB

    • MD5

      15a11b9020908899be0806d8199eec02

    • SHA1

      a49d3404f941939744f73656824cc8d69ddb56f1

    • SHA256

      27bb18efa21194212f44e41345bd1c1c80ce6734bc59e4513543c8de31da4006

    • SHA512

      b44b99969efe1f355271cc0ccbcba36a7faf53b749437c9861e69d9d6762248e6de012514d968ac243482914cea9e00f66b8feb3e29d6b0f68a1d691fc620fb7

    • SSDEEP

      49152:OGpwiGNhZXdcwtABBtkpUZviJhYW6Po/5bE:OVFfrWVviJhYWzp

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      Crosshair-X-Crack-master/lib/app/modules/news/controllers/news_controller.dart

    • Size

      1KB

    • MD5

      9cc308112ebbf90fbae523f317fe5549

    • SHA1

      f3e377926f8ecc616d24802a4397f3771a4e5bd3

    • SHA256

      cf65e71fd75f717336de6501f17c081fae496cd70893de8454317e3723a9eb6b

    • SHA512

      67e762d6498567f0720acdd99133029723f45e122792cb00bbdb7d958555785e6ed104c9ee77918c7db73ca9359e29d3c445172168824dfedbda0ac93cca6c0f

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      Crosshair-X-Crack-master/lib/app/modules/news/views/news_view_.dart

    • Size

      6KB

    • MD5

      a8c703f3e2544e279f76595a9944c2e7

    • SHA1

      696828425778f80aeecebc45d7ae784c933b78ef

    • SHA256

      43b27bf0b47bf8334beef65765b0df233f0751fef0adfd7f232e07ddc6182cf1

    • SHA512

      237fca401df4a7bfc321a6e16ac98f60764ed88fb93f2568fdc2d889a4de495256d5a7df94d84d755c10fb50306b3c6a885117f2a07e9e1cdaed44b0a4f5fe46

    • SSDEEP

      48:XqjtUunPBJavlKZwlRID2SkhZEkwe2C24a2zc2IO2af2v2qz24DmIb+R9/Hz+H1R:XkBJaquIDGhZEkwMdcvTIR9/0vUQj

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      Crosshair-X-Crack-master/lib/app/modules/profile/controllers/Profile_controller.dart

    • Size

      620B

    • MD5

      a6a436d86514ad674e214ae0101fd7fc

    • SHA1

      c1150cac1b48a3a3d86ea11f2cc5fcbb177cd191

    • SHA256

      eba89f5269d8e85344aacfaad3fc6c025c3175e3c2625d274a2fa12be6cafeaa

    • SHA512

      a2503a936126ffe85e7d520fbff9c20874b71269b9dbe805bb083ec4ac0eea47ececcf559659ac5d076722382f67e50813cdeb7d030bb99bca2f03b08ec3fcd7

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      Crosshair-X-Crack-master/lib/provider/auth_provider.dart

    • Size

      2KB

    • MD5

      124df5912a05df48f15d433d4525296b

    • SHA1

      1a338690ff17d72e14a1c2117b2926918f19f383

    • SHA256

      76aaa69023efea67fc92f7131f984df4c1d00c3e41cfcfa96492f6d0efb5bd7e

    • SHA512

      2a13baa24bc6762ad4c7cb874efee63b7fe7c588b1401774c27b7df063d96600868e05bfe95d8f2592d30ee2e7d08a12869b85327b39cde8c87afe22ebb96171

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

meduzacollectiondiscoveryspywarestealer
Score
10/10

behavioral2

meduzacollectiondiscoveryspywarestealer
Score
10/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10