Extracted

• • Target

    80c70553c39dc806dcf8702aea520e3fa2143fc25d536d6e03784b3d31fee3d5.exe

  • Size

    4.1MB

  • MD5

    2583af1bb4e342a65040e6c68bc52147

  • SHA1

    84be56b48b7f204b295095cce2b3169895b333e0

  • SHA256

    80c70553c39dc806dcf8702aea520e3fa2143fc25d536d6e03784b3d31fee3d5

  • SHA512

    f3a33ff0c39df49057d00b1bc4d801969d0c0c3141166350949b278ab7dfbbaab58ccbe499aa30ccb2233779955afc782e124c68ad1468789733851f3d4c040d

  • SSDEEP

    49152:Xl4UjB0jUudKphZByreh+Woao/OZa8XLh+4vBTVlz8svAs:14UjKgu8As

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2