Extracted

• • Target

    2024-11-20_aa3c7b344a5530af4fe0bcb144abd43c_ryuk

  • Size

    4.1MB

  • MD5

    aa3c7b344a5530af4fe0bcb144abd43c

  • SHA1

    511d4295767b735cd2680de4cf08cba827e4b88f

  • SHA256

    544120fc34f30c6f20acee1d179009a6523ddab6fe41042611dbd742c8e636bf

  • SHA512

    247135a19aa034043047f43ac822c5754579baa3f2ec46418e590a23eb84fc527d6f3f58fbae73e995a58b4d3780f078686d60e57c660b823ae6eb211fad10c8

  • SSDEEP

    49152:qxGK0l3e3uoOg15XgLIcT9xacX+pGTt4yy2NtvyNM2R6oZ:qxGK09yuAZ

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2