meduza | d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f | Triage

Submit
Reports

Overview

overview

Static

static

3

d61985407f...4f.exe

windows7-x64

d61985407f...4f.exe

windows10-2004-x64

Sharing

General

Target

d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f.exe
Size

4.1MB
Sample

241119-gn7ahawmcj
MD5

5221d2214beb75529df68ac5f0106f4f
SHA1

0f97ce2b3768605f2de2d9d5f1f8542f915c486c
SHA256

d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f
SHA512

3c1d92bb51ec40692055035d6d43e17a37b0b755be05e302f67eacb4223ede566041b9696648ef5b52556654ee4a39eaab87aefc3b508206ea6418c4074a227f
SSDEEP

24576:8Smpzi3xGi50W+Zdel5ubytHiZTRIZxUTt3dcnBnD1aAByTD9+akcFEbaWpUBsHI:/xGK0l3e3u3tgyKBnD0UxVGQ/heC/IZ

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f.exe

Resource

win7-20241010-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

193.3.19.151

Attributes

anti_dbg
true
anti_vm
true
build_name
hdont
extensions
.txt
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f.exe
- Size
  
  4.1MB
- MD5
  
  5221d2214beb75529df68ac5f0106f4f
- SHA1
  
  0f97ce2b3768605f2de2d9d5f1f8542f915c486c
- SHA256
  
  d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f
- SHA512
  
  3c1d92bb51ec40692055035d6d43e17a37b0b755be05e302f67eacb4223ede566041b9696648ef5b52556654ee4a39eaab87aefc3b508206ea6418c4074a227f
- SSDEEP
  
  24576:8Smpzi3xGi50W+Zdel5ubytHiZTRIZxUTt3dcnBnD1aAByTD9+akcFEbaWpUBsHI:/xGK0l3e3u3tgyKBnD0UxVGQ/heC/IZ
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy