meduza | 7690c2f38dc86dbefa5d70f20912195f2173c989763e3cbee3e38139c94ff3aa | Triage

Sharing

General

Target

7690c2f38dc86dbefa5d70f20912195f2173c989763e3cbee3e38139c94ff3aa
Size

1.2MB
Sample

241120-ajv84swcmb
MD5

5854dce0d4f0fe3e17de5a66b79c90b8
SHA1

2c81df189d4c8b01714dea3d91cd8f8c36b619cf
SHA256

7690c2f38dc86dbefa5d70f20912195f2173c989763e3cbee3e38139c94ff3aa
SHA512

a530dc5c2493bd2a26ccb9c796420bac095842ccf296e8124ab6d835a8f37c2200de69eced60ee27798c2804a4d39b6b8268ad0dd8012a513e84307e2dd8a60f
SSDEEP

24576:l5Uah/dTnglhmsqrKPYS1gm7K87h0lhSMXl1vNX:nUaldTUcsqaYwh/Kl1X

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

147.45.44.212

Attributes

anti_dbg
true
anti_vm
true
build_name
mounow
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  7690c2f38dc86dbefa5d70f20912195f2173c989763e3cbee3e38139c94ff3aa
- Size
  
  1.2MB
- MD5
  
  5854dce0d4f0fe3e17de5a66b79c90b8
- SHA1
  
  2c81df189d4c8b01714dea3d91cd8f8c36b619cf
- SHA256
  
  7690c2f38dc86dbefa5d70f20912195f2173c989763e3cbee3e38139c94ff3aa
- SHA512
  
  a530dc5c2493bd2a26ccb9c796420bac095842ccf296e8124ab6d835a8f37c2200de69eced60ee27798c2804a4d39b6b8268ad0dd8012a513e84307e2dd8a60f
- SSDEEP
  
  24576:l5Uah/dTnglhmsqrKPYS1gm7K87h0lhSMXl1vNX:nUaldTUcsqaYwh/Kl1X
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2