Extracted

• • Target

    2024-11-20_ffb37a64e91c59db36040b8ba7c6bdad_ryuk

  • Size

    3.6MB

  • MD5

    ffb37a64e91c59db36040b8ba7c6bdad

  • SHA1

    cb8d52d44bf6fbe94d793cf3f222f6a956eb32cf

  • SHA256

    598c3b6790b9743c04ffec399bbd8096f873a1edcf32ee6fb6bd3c30900095cd

  • SHA512

    bbd54464e14138bf375390b74097521fb95c1dc9cd07834d709983ff73433cdbf5061afb9bdf1d50b093e1705f990d6c7b451bcfbe017f2ed0f656f010ef0edc

  • SSDEEP

    49152:0QusxfsBXlpHgWycTjhkT4hE53e4ndn4fvFhPCNIFQv9n6Vp:5op

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2