General
Target: ac6323cfb95cc48955949b4d2e7f91a5.exe
Size: 1.2MB
Sample: 241118-qhsdtsxcjd
MD5: ac6323cfb95cc48955949b4d2e7f91a5
SHA1: 525a7271bef3988185b4f2be7d797b2dfab8bcd0
SHA256: a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac
SHA512: 34bc32f1e5c578a4b0e438311828d390ba6b657aafc018294a22db16697e5313693cce40996cfb31d55eb5f25e0713f835b1933620b1f23b0ea5732e7518e9df
SSDEEP: 24576:W2hVX3mzctl0cJQEcUKs9MjemJ5gx1wj7h0lhSMXl54Tud:9TX3yctl0E1Ks+egCx+jKp4T6
Behavioral tasks
behavioral1: Sample ac6323cfb95cc48955949b4d2e7f91a5.exe, Resource win7-20241010-en
behavioral2: Sample ac6323cfb95cc48955949b4d2e7f91a5.exe, Resource win10v2004-20241007-en
Malware Config (Extracted)
Family: meduza
C2: 193.3.19.151
anti_dbg: true
anti_vm: true
build_name: enew
extensions: .txt
grabber_max_size: 4.194304e+06
port: 15666
self_destruct: false
Targets
Score: 7/10
Signatures:
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.