Overview
General
Target: Setup.zip
Size: 22.3MB
Sample: 241129-sb1sqswldn
MD5: 87241a685c388b7f813f202fca1d4874
SHA1: c0fe983369680c7aa6d7f550dc15bd11dc26eccc
SHA256: 6d03736a2eef6e9b31e97a1d3a22468d060f77e8dd129c465859355271906549
SHA512: 31fbde9f04f93e316aa380d6efd67ad8c74856a5b20486b90bc71046ed1806b9b4db2bed477ab170337d2df260c5c29592218e0d71244fd6a962c582de7dfc4d
SSDEEP: 393216:3L6zL2TaJ5+6GPfkGQoPA6/FIjuP+VXNLR8HKh6z2jL8XVNrsbGQSad:3L6ziTA5+DPYWA6mjuPei9z2eXcGQv
Static task
static1

Behavioral tasks (sample, resource)
behavioral1: Setup.exe, win7-20241023-en
behavioral2: Setup.exe, win10v2004-20241007-en
behavioral3: bin/d3dcompiler_43.dll, win7-20240903-en
behavioral4: bin/d3dcompiler_43.dll, win10v2004-20241007-en
behavioral5: bin/libEGL.dll, win7-20240708-en
behavioral6: bin/libEGL.dll, win10v2004-20241007-en
behavioral7: bin/libGLESv2.dll, win7-20240903-en
behavioral8: bin/libGLESv2.dll, win10v2004-20241007-en
behavioral9: bin/libcrypto-1_1-x64.dll, win7-20240729-en
behavioral10: bin/libcrypto-1_1-x64.dll, win10v2004-20241007-en
behavioral11: bin/natives_blob.js, win7-20240903-en
behavioral12: bin/natives_blob.js, win10v2004-20241007-en
behavioral13: bin/reports/amd_ags_x64.dll, win7-20240708-en
behavioral14: bin/reports/amd_ags_x64.dll, win10v2004-20241007-en
behavioral15: bin/reports/animationsystem.dll, win7-20240903-en
behavioral16: bin/reports/animationsystem.dll, win10v2004-20241007-en
behavioral17: bin/reports/assetpreview.dll, win7-20240903-en
behavioral18: bin/reports/assetpreview.dll, win10v2004-20241007-en
behavioral19: bin/reports/ati_compress_wrapper.dll, win7-20241023-en
behavioral20: bin/reports/ati_compress_wrapper.dll, win10v2004-20241007-en
behavioral21: bin/reports/cs2.exe, win7-20240903-en
behavioral22: bin/reports/cs2.exe, win10v2004-20241007-en
behavioral23: bin/reports/d3dcompiler_47.dll, win10v2004-20241007-en
behavioral24: bin/reports/dbghelp.dll, win7-20240903-en
behavioral25: bin/reports/dbghelp.dll, win10v2004-20241007-en
behavioral26: bin/reports/engine2.dll, win7-20240729-en
behavioral27: bin/reports/engine2.dll, win10v2004-20241007-en
behavioral28: bin/reports/filesystem_stdio.dll, win7-20240903-en
behavioral29: bin/reports/filesystem_stdio.dll, win10v2004-20241007-en
behavioral30: bin/reports/gfsdk_aftermath_lib.x64.dll, win7-20240903-en
behavioral31: bin/reports/gfsdk_aftermath_lib.x64.dll, win10v2004-20241007-en
behavioral32: bin/reports/helpsystem.dll, win7-20240903-en
Malware Config
Extracted family: meduza
C2: 45.130.145.152
anti_dbg: true
anti_vm: true
build_name: Mazti
extensions: .txt
grabber_max_size: 4.194304e+06
port: 15666
self_destruct: false
Targets

Target: Setup.exe
Size: 635.3MB
MD5: 0e6ceb4555d18d6110137491f14efd02
SHA1: e943cfad58ac3f4a464b93456d0c78b0ca47c367
SHA256: e076269058626f49a4cf8455732e3a6566e49ccce73bfeffedd00fc94db886bd
SHA512: a436040ed79e582bfe8b175cc191a14b87127a83791e7c49760faeab643d82cdd0662554a07e107f696b6b7871c899ee3f0cd272146b952d35f8593c49322eee
SSDEEP: 6144:hpcPBXe1j1agJRe6qTF38D6t6HTu5PmhrD:hwBmagJRe6qc6t6z/D
Score: 10/10
Signatures:
- Meduza Stealer payload
- Meduza family
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: bin/d3dcompiler_43.dll
Size: 2.0MB
MD5: 1c9b45e87528b8bb8cfa884ea0099a85
SHA1: 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256: 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512: b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34
SSDEEP: 49152:DpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Akb:H3P9HP6Zpy9KyhMI50Du8LljslNsyHiS
Score: 3/10

Target: bin/libEGL.dll
Size: 90KB
MD5: 50c717ab7624384b2b2d8a953263beb2
SHA1: 58d82865ab86a193f8f6ff1cbf7677525f6e217d
SHA256: 63580999b8210315b664e7742b6d4f59e587d20b4d0826072a5ef311c6f25b74
SHA512: 8caac7982eba6380df162b62353088339754ff211847e3921dd74f239e8a980d588b36db385acbd2ba0edcaebcfb4d272eb0405672dc158e58666b6f695a02b4
SSDEEP: 1536:KGP6HhCY9bVfdiVkfynyCjUzjBUpgmsWS4dMOe9dl58Zh3Cz0b:KGPG/xViVk4yOUz26KPWHiyzy
Score: 1/10

Target: bin/libGLESv2.dll
Size: 3.7MB
MD5: dd3f55559ca3eb1a89e7d696c8c5de53
SHA1: ce2785277d60aa366e6faf3c3318d5767a3d949e
SHA256: 99f261fa5a69dd2b3bd6192aaf72a0d9f88d769a311fac87963658a7573ec669
SHA512: bd47d44177970c08bb645f0e92011b2c9143c016d2baaf03a55f26e5e4fc157f1273fda49320815c0cbaa34b531c7fd1f28fa37d2486104d486063b138d75739
SSDEEP: 49152:oVgDuIkH0auiXZR2oWisTDLKvka5A9rC1Mw50uaj3cRhONxp7Im8TV659Zx/M70M:QgDWXv96pjkwpcTB5Vf
Score: 1/10

Target: bin/libcrypto-1_1-x64.dll
Size: 3.3MB
MD5: 3390d76a13973bd46b512bf257c171c8
SHA1: cd269f1f752c272e3868b4dd6dc65464715ae0b0
SHA256: deb034588ef43db62809cc2c599374894bf7fef5df990da6eaaa0674fbec0301
SHA512: 8d714e4859ffe4beb2c6a499b4d62cd549679411b5af2b50ec4f75e522e7af1943c4c29cc5d4266409351c596c6a0bb470e4ec0301e23425191f059752458620
SSDEEP: 49152:cVwASOC3IU6ixBGtlqREzGbOggxFSAnVJcjp15QAMa4OHjbtNPA6UsQ0H1CPwDvF:l4+0SgbhVUsIjJW6UsB1CPwDv3uFfJ
Score: 1/10

Target: bin/natives_blob.bin
Size: 240KB
MD5: 94855c31f6c24656a6d67ceae0b04cca
SHA1: 1d5346516d5f1f7546d4400ca3eea55022ddd9bd
SHA256: 20210a0e530832a0267d584015eecb331c2ac0d841faf7b36feb9d326c32c113
SHA512: 1043759ed4b4e1df6f05724cf5132bbcf410bc5d6ffe791ad243a6c66a577965993d72908f032805bdc14ee8b69f93417535fcc8b38bfdb006de20f7c7b0d1c4
SSDEEP: 3072:kUotXVrxNpyXcsR/H/UxRjh7z5/w7JrMCOL2ZHJSSC/s9a:kUopVrxNpyXcsRf/UxRjhxw7JoCOLuI
Score: 3/10

Target: bin/reports/amd_ags_x64.dll
Size: 177KB
MD5: c69e3e05bf240d7762286833e39c9029
SHA1: 0bc12517a8ee4173867d54081a6d26527ab62672
SHA256: 2449e8339e0f031bc4f954398f5917b8eb5a2d20c32d4688a083d5dd9f637ab8
SHA512: 655ba29b6dc96d88a188647f8b4a0dbf8dfaac2d9c33269105bc0985afb4d8bd1b8d6daa0d3cf11e6c9fd82ee174fca6d2607adf826d01da5edaa42a21266cf3
SSDEEP: 3072:ZbGOZiVbwfB/GT0yAajwsw3iTW2jl+uToE23JKjBaBW/L:ZbGOZ1BK0yAajw+W2jl+Al28L
Score: 1/10

Target: bin/reports/animationsystem.dll
Size: 6.0MB
MD5: 0e1bf601bffc4b5e4cdd6deb75d59b83
SHA1: 8909467b21fb6e6095e7aa2944234518e5ed7bfd
SHA256: 9697e7f265210559b0cb5aa023cd0b1cfbbb50cad06d8c38905aba012bcdb229
SHA512: 3b87fe9fb2b8f066da6f144c2fc55f7e36b0cff2a0b88ef29a04995fd34a95b02416bb5334ab4608ee4439f71703b77eddfc10426617f3681715686558dc22d1
SSDEEP: 49152:QWyF999XhMwgz32urMXhLztNyDL6FMNDR/7PSIcKewd9XCFrvOWqOXFIgnHTbzXl:3sX9i207EC5gna2v7S7Qpcu
Score: 1/10

Target: bin/reports/assetpreview.dll
Size: 5.4MB
MD5: 92791e8fe8f475b0f10525a93afda182
SHA1: 301a963889cb181777e448f9b974eaa4effc2181
SHA256: 386b8145f1db7797d659cddda75a4cab8ebd930d2e9c9e83474b768ad5a87e2f
SHA512: d089f2bbef45e33f9f2eb680a539d089fe542171979ba87956004e20595435acd18a1c23304534d2377eaf236a358801fb2a1a400dba8c662b89ae0af3045e15
SSDEEP: 98304:eLILqiln5Meagy6A7Bka2RdfoUZbzkBfd:eLILrnry6A7Bka2RdfoUZ/kBd
Score: 1/10

Target: bin/reports/ati_compress_wrapper.dll
Size: 736KB
MD5: 6289cb9973840bde3258392cc07b4420
SHA1: 84aaa5491087ffb7aa5453f48bdf3a837839f770
SHA256: 59b8e6afa8bd163213b63bbc8b7af18e495ddebee801ebda39ef62fd559901c3
SHA512: 8e64cdfa9f916b1b86a2e1798562c61d63bd13920e5d76a4a80d74f46991219961ca8354d359fcddfaba25b358254e632c73a4c74f61b444cad4fe6f10c6f0c1
SSDEEP: 12288:nWVwk2whmH7nU7OV/EWvpu1jvb+HE8SHs3dv/T58kr1Jmy:nEhmH7nU7OV/E4c1TMy8N8Hy
Score: 1/10

Target: bin/reports/cs2.exe
Size: 2.8MB
MD5: 6c4bec50e1f595caa7f308fbe1de3c4a
SHA1: fc063651fcc015100f5107fb789a2cd2a39966ff
SHA256: 96fb21e9e74f9c1b1bac42d0553ee9eba93e55bb6fd32a18165dc4c3d75ccd24
SHA512: 0e9ebcefc2018e8665be19d5620c60dbf0209e9007f00a5b6cb4a74f3c6fa3f8ea604b09d2484970034392dc6c88a9a45cc66d7c1de47a1e701ff2bf0df3a58f
SSDEEP: 12288:Prv+M0vksnul4PKgN6AqBCjta3CR5riFJnO+xtb5QqvcJCCFVdRTLnsJGU:TvX0Mi69SD5MJnO+xsqvcgCFVbcJGU
Score: 1/10

Target: bin/reports/d3dcompiler_47.dll
Size: 4.1MB
MD5: 222d020bd33c90170a8296adc1b7036a
SHA1: 612e6f443d927330b9b8ac13cc4a2a6b959cee48
SHA256: 4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3
SHA512: ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6
SSDEEP: 49152:D5EfJYiVk9w6hAPqzag2At6i5K/8Ub6Lg3MEq/NHiQTtVr+5kb62QgdD6zoodr7P:l7iNPWHYE+Bnm8
Score: 1/10

Target: bin/reports/dbghelp.dll
Size: 1.5MB
MD5: a5e4b3ff51cf5b7926d9651908feb666
SHA1: 4ef5d229709e40f3f84e46c3a28341eadbd1a044
SHA256: 13f0c74845318b52b76e6000564b1a99c37de48422b44ac74d034fa222c65a23
SHA512: 0615ff581b648715461349b1622fbc208042fc8c395cb2d271203b25b036f59edb0fc3470065dc15061af1be0fff48981f55bbea7f00c88906e9b470764a86fa
SSDEEP: 24576:xU5lL6v/X5lknycQFrQ8gKt/X95WqbQLZopKjMcqpzd1YWLfY:Kni/X5lknDFUCaQLq8
Score: 1/10

Target: bin/reports/engine2.dll
Size: 5.7MB
MD5: 002869af9a2cacb11010ba04ebad84f5
SHA1: f3c33917301c983c0635a5f89e504fe72a325ad6
SHA256: a288aa28f68225c5af0aea2dbfcb9e13eea04d41383d2ee7fdc06b9a0f8bb8f6
SHA512: 0831366bea7122498e40b29febe311863c146eebfe2c00cb2bbcab62d39d5e29f189290dfb3806e33b03717eb8def480959cee2e8d15cc29bcb6d28a96b7d035
SSDEEP: 98304:cDiPlCM18Qd0z1DEIQUt6vNce2rnnOmFNkETX:S+CM18Qd0zVETxFceFm7
Score: 1/10

Target: bin/reports/filesystem_stdio.dll
Size: 2.1MB
MD5: 35b2ad0e8f6f73ae8808b3b92d9e176e
SHA1: d28ebd01da8494d0054d6eafec49fe219e45932a
SHA256: 2d86739d202c4803559c19fc6f5f8b6b44a3df5181a1075f994a4c1279c8d111
SHA512: 1b2520de20236cdc0e515a84ce2b093250e5c1ada61e2b2add75a58268535123ccd35c06bcef2cfa1afa716fa48cdd2cd5de4029294b6d91f06e53d9cf3c1789
SSDEEP: 49152:kOjPWZbTKuk214ScfZ8Jh2b/anK9GjXLmn/DnogdjnIU6iMLPQDW:kSqKB7nogds+bDW
Score: 1/10

Target: bin/reports/gfsdk_aftermath_lib.x64.dll
Size: 1.2MB
MD5: 820a8d1a32385a355c8b568fe15c8a54
SHA1: f53f6f4c0114f022e0fd9bd32181c2268e1cb178
SHA256: 38ebf6883aa8ffa94f7c1d70817aaee32a283a7a135ed3ddc383a513dee959f2
SHA512: 00ff27e355a03d4142c783485a8e930215ae2536c20fb4bab806f220e61488229cf96ccb668a8bf8eb280950188f99bd443181c79344ce70d608fdb36c204999
SSDEEP: 24576:UBKGscNMHvIajUhvPQ5sxjB7cIgTnAewIokkJMLd8lz4cV:UBKGsfHvIAUJQ5sxjB7cIgTnAzIruMWZ
Score: 1/10

Target: bin/reports/helpsystem.dll
Size: 670KB
MD5: a9bd3d9ff8cb2cc307a1ffcb9f919b65
SHA1: 3ec5e68ce8a61f127491e503f3dd8bec1f25d634
SHA256: 643762ea2a16b1ddf982e72a12c0c73263918a7fd6a8d1e81104559b39f12c53
SHA512: 9a29a979bf27861bdd77d77781836cc9a843d23148b98921167e33d5a643b5c7b931816690dca29206eb67666dddb47e9fd2ef550b4318cc0b77f1f09f862fc1
SSDEEP: 12288:NHdecaFFJZz0lvV9rW17p4ZAePX2g6S01qrF6DcizW+JJE29c6Ijx:NHdlaX3u9072iePUS08pwTzWZrx
Score: 1/10

MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers
- Unsecured Credentials: Credentials In Files