Extracted

• • Target

    2024-11-20_90c14181e9bee65d191c48fc9381bb38_ryuk

  • Size

    4.1MB

  • MD5

    90c14181e9bee65d191c48fc9381bb38

  • SHA1

    96de27947b44ced1235bd4a9056faacb90e29fc1

  • SHA256

    fc6b3d0fda8a1186ced0cc17ec78dbb932cd009d2fb9483b0b933ec1f94268bc

  • SHA512

    3c5ab51be541924a11a01421b779224506f9a2da4e964c81bde53d66004dcfc751b59cad93e2f6620a9dcf82abfe2bdd7406fbbc60ba9c067a97d82e788fb35d

  • SSDEEP

    49152:/xGK0l3e3uJtP5T/VCOotM46vP3SBbyKYjuBdfKs/PNlAZ:/xGK09yu/Z

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2