Extracted

• • Target

    2024-11-19_394797ab6934f4db2364f672feed7669_ryuk

  • Size

    4.1MB

  • MD5

    394797ab6934f4db2364f672feed7669

  • SHA1

    f19b966c84f2547040650811be1f29ee8ac2c412

  • SHA256

    ca130b3fce182c547d93de04d673c6456f16e1eb73ce941dc7dd2c3c7d62ae5b

  • SHA512

    81030ea518cb7e0102b1a59c9e5e93af304ca1f6eea2e5fdcb120abbde4295b319eafed937941c7301df4848132c902dc8709af84f1725361c47400981ea110c

  • SSDEEP

    49152:/xGK0l3e3uFX0o6GPR08YP5DbdMl9uItjeRisE8Z:/xGK09yuaZ

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2