Extracted

• • Target

    2024-11-28_9018d445d422d00fbd2a40a1749db856_ryuk

  • Size

    4.1MB

  • MD5

    9018d445d422d00fbd2a40a1749db856

  • SHA1

    57f86287ac5e724b474ae5c95b0061a2bd9f4d46

  • SHA256

    6341026ca773d2f184cec494166e5f3518e0fb0686f5d8905fcffba33f15facd

  • SHA512

    584cab8a72f50222e9a2b8c08ea51c00acbdc6e9f337cb7231b2e5dbe229029fd6419f389ba832ddbdc3a92d1220d99f182376faf368ca72739ff9d4dd73bd7f

  • SSDEEP

    49152:Xl4UjB0jUu390cPFA9Wj4Oe/BxgERCdouH1dZA:14UjKgulA

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2