Extracted

• • Target

    2024-11-29_aadab0e43197811ebe759f2451bc5cc9_ryuk

  • Size

    4.1MB

  • MD5

    aadab0e43197811ebe759f2451bc5cc9

  • SHA1

    7ecb1b358ff68999f7327d611eddd64bd8f4e07f

  • SHA256

    c465af29bd51e00e48a32ac6fc4d6497f6fbf0d4e9f6220824cb15ff58b94787

  • SHA512

    73f1520090690545d43ba06f52c777c63af0cdf3773ddbf310153cb039151aec2abd5efcbb08aeafe4ad7a48d48b91fdd3456ff10afbab1f78064186e3504aca

  • SSDEEP

    49152:Xl4UjB0jUuKHhIVk/XsUbNJpNX2QIkFxwgUzaOFyNWA:14UjKguHA

  Score

  10^/10

  meduzacollectiondiscoveryspywarestealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2