Behavioral task
behavioral1
Sample
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
Resource
win10v2004-20241007-en
General
-
Target
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
-
Size
1.2MB
-
MD5
ac6323cfb95cc48955949b4d2e7f91a5
-
SHA1
525a7271bef3988185b4f2be7d797b2dfab8bcd0
-
SHA256
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac
-
SHA512
34bc32f1e5c578a4b0e438311828d390ba6b657aafc018294a22db16697e5313693cce40996cfb31d55eb5f25e0713f835b1933620b1f23b0ea5732e7518e9df
-
SSDEEP
24576:W2hVX3mzctl0cJQEcUKs9MjemJ5gx1wj7h0lhSMXl54Tud:9TX3yctl0E1Ks+egCx+jKp4T6
Malware Config
Extracted
meduza
193.3.19.151
-
anti_dbg
true
-
anti_vm
true
-
build_name
enew
-
extensions
.txt
-
grabber_max_size
4.194304e+06
-
port
15666
-
self_destruct
false
Signatures
-
Meduza Stealer payload 1 IoCs
resource yara_rule sample family_meduza -
Meduza family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe
Files
-
a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac.exe.exe windows:6 windows x64 arch:x64
0095cfee1cdfcef936c4c086b6b4fe85
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ws2_32
closesocket
inet_pton
WSAStartup
send
socket
connect
recv
WSACleanup
htons
crypt32
CryptUnprotectData
CryptProtectData
wininet
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlA
InternetOpenA
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock
NtQueryObject
NtAllocateVirtualMemory
rstrtmgr
RmGetList
RmStartSession
RmEndSession
RmRegisterResources
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptSetProperty
kernel32
GetFileInformationByHandleEx
AreFileApisANSI
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
CloseHandle
GetSystemInfo
GetProcAddress
LocalFree
FreeLibrary
GetLastError
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
ReadFile
WriteFile
CreateFileW
GetFileSize
GetCurrentProcess
VirtualQuery
GetStdHandle
TerminateProcess
CreateMutexA
ReleaseMutex
OpenMutexA
GetModuleFileNameA
GetVolumeInformationW
GetGeoInfoA
HeapFree
EnterCriticalSection
GetModuleFileNameW
GetProcessId
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetModuleHandleA
HeapSize
GetLogicalDriveStringsW
GetFinalPathNameByHandleA
GetTimeZoneInformation
lstrcatW
HeapReAlloc
HeapAlloc
GetComputerNameW
GetProcessHeap
GlobalMemoryStatusEx
GetModuleHandleW
lstrcpyW
GetEnvironmentStringsW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetFileSizeEx
SetFilePointerEx
GetCurrentThreadId
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEndOfFile
EnumSystemLocalesW
ReadConsoleW
RaiseException
GetModuleHandleExW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
OutputDebugStringW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
GetNativeSystemInfo
LCMapStringEx
CompareStringEx
DecodePointer
DeleteCriticalSection
GetCommandLineA
GetCommandLineW
GetUserGeoID
GetUserDefaultLCID
GetLocaleInfoEx
FormatMessageA
user32
GetWindowRect
ReleaseDC
GetDesktopWindow
EnumDisplayDevicesW
GetSystemMetrics
GetDC
gdi32
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
GetCurrentHwProfileW
RegCloseKey
RegGetValueA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RevertToSelf
ConvertSidToStringSidA
ImpersonateLoggedOnUser
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CredEnumerateA
CredFree
shell32
SHGetKnownFolderPath
ShellExecuteW
ole32
CoTaskMemFree
CoGetObject
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
oleaut32
SysStringByteLen
SysAllocStringByteLen
SysFreeString
shlwapi
ord214
ord184
ord213
ord12
gdiplus
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipGetImageEncoders
Sections
.text Size: 845KB - Virtual size: 844KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ