General
-
Target
42a5c60fadb3b94505babe3561507a50.exe
-
Size
4.1MB
-
Sample
241118-2pyd7swhnh
-
MD5
42a5c60fadb3b94505babe3561507a50
-
SHA1
ade46a914ffefa4b1d8b791fbfdf07531c362e44
-
SHA256
a39cb2c31b6724eaa78f60fe29ced83e50ffad7e39efd604a7debdac63a2a80e
-
SHA512
d98f41807a0fa8edb5a2f2b054985d753e18deaa06e768045dcab7a108e15ae95dabb0c35506e652dd61d039da43d71d9576638d3ec85ffe46d21e4d18285611
-
SSDEEP
49152:/xGK0l3e3ubXWCC5JJhZs0wFF2d1vJ2Z:/xGK09yuZZ
Static task
static1
Behavioral task
behavioral1
Sample
42a5c60fadb3b94505babe3561507a50.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
42a5c60fadb3b94505babe3561507a50.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
meduza
193.3.19.151
-
anti_dbg
true
-
anti_vm
true
-
build_name
enew
-
extensions
.txt
-
grabber_max_size
4.194304e+06
-
port
15666
-
self_destruct
false
Targets
-
-
Target
42a5c60fadb3b94505babe3561507a50.exe
-
Score
10/10
-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-