meduza

General

Target

8350b1c8cd82e06444bd6c89f1b25f1415b18eb60893a5f9bf80432963da5679.exe
Size

2.0MB
Sample

241118-hzrjvssapl
MD5

3ae06ab23868319d57698df9b29435c6
SHA1

a759297fd4dfc56c9ca9fabd77d3e6b7eadfe090
SHA256

8350b1c8cd82e06444bd6c89f1b25f1415b18eb60893a5f9bf80432963da5679
SHA512

4c29c51238be655414800bfe0ee389083895d53c90ac9b71cf87730b8e302b6caabb9130370c38cec134f4e3848a2e9feba9782b3f72a5bbe6b5f4334c46cd20
SSDEEP

49152:aWluOKJkZt0J4Nsf0wZXeFen4ELmCdcwV0mqsu2sNf5q:aGELDV0cuzE

Score

10^/10

Malware Config

Extracted

Family

meduza

C2

150.241.92.160

Attributes

anti_dbg
true
anti_vm
true
build_name
kanew
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  8350b1c8cd82e06444bd6c89f1b25f1415b18eb60893a5f9bf80432963da5679.exe
- Size
  
  2.0MB
- MD5
  
  3ae06ab23868319d57698df9b29435c6
- SHA1
  
  a759297fd4dfc56c9ca9fabd77d3e6b7eadfe090
- SHA256
  
  8350b1c8cd82e06444bd6c89f1b25f1415b18eb60893a5f9bf80432963da5679
- SHA512
  
  4c29c51238be655414800bfe0ee389083895d53c90ac9b71cf87730b8e302b6caabb9130370c38cec134f4e3848a2e9feba9782b3f72a5bbe6b5f4334c46cd20
- SSDEEP
  
  49152:aWluOKJkZt0J4Nsf0wZXeFen4ELmCdcwV0mqsu2sNf5q:aGELDV0cuzE
Score

10^/10

meduza collection discovery stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Meduza Stealer payload

Meduza family

Checks computer location settings

Accesses Microsoft Outlook profiles

Checks installed software on the system

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2