Overview

overview

10

Static

static

3

Fluxus-Rob...or.rar

windows7-x64

1

Fluxus-Rob...or.rar

windows10-2004-x64

10

Fluxus-Rob...FS.dll

windows7-x64

1

Fluxus-Rob...FS.dll

windows10-2004-x64

1

Fluxus-Rob...se.dll

windows7-x64

1

Fluxus-Rob...se.dll

windows10-2004-x64

1

Fluxus-Rob...rs.dll

windows7-x64

1

Fluxus-Rob...rs.dll

windows10-2004-x64

1

Fluxus-Rob...pf.dll

windows7-x64

1

Fluxus-Rob...pf.dll

windows10-2004-x64

1

Fluxus-Rob...rs.dll

windows7-x64

1

Fluxus-Rob...rs.dll

windows10-2004-x64

1

Fluxus-Rob...FS.dll

windows7-x64

1

Fluxus-Rob...FS.dll

windows10-2004-x64

1

Fluxus-Rob...se.dll

windows7-x64

1

Fluxus-Rob...se.dll

windows10-2004-x64

1

Fluxus-Rob...rs.dll

windows7-x64

1

Fluxus-Rob...rs.dll

windows10-2004-x64

1

Fluxus-Rob...rs.dll

windows7-x64

1

Fluxus-Rob...rs.dll

windows10-2004-x64

1

Fluxus-Rob...V7.exe

windows7-x64

10

Fluxus-Rob...V7.exe

windows10-2004-x64

10

Fluxus-Rob...se.dll

windows7-x64

1

Fluxus-Rob...se.dll

windows10-2004-x64

1

Fluxus-Rob...rs.dll

windows7-x64

1

Fluxus-Rob...rs.dll

windows10-2004-x64

1

Fluxus-Rob...rs.dll

windows7-x64

1

Fluxus-Rob...rs.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fluxus-Roblox-Executor.rar

  • Size

    4.7MB

  • Sample

    241130-f2hnmaypek

  • MD5

    aa4a94fe600f76fe7afd6e05e24dcf44

  • SHA1

    77a59599d4a50664fe9d16f6569f84c4389381e9

  • SHA256

    9bf6c1a87bb22f0703b012fe12ea3577777002ff4ecd9b3794d3bc4d9d862413

  • SHA512

    7c9b1b3915ad463825632bd33514c15d9f776555ee0c1f3b4d6992b6d3e6c7161f3fb875c4635ef242e12996de77d8848ceca36026856eb463aa92bd8604281c

  • SSDEEP

    98304:khYzy+NQ7lRjflIuJkQ+MOSh5FMcU2ZPFGzybJDKjsCO:kKzc7BIuJPfh56YWG1mjO

Score
10/10
meduzacollectiondiscoveryspywarestealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    703

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      Fluxus-Roblox-Executor.rar

    • Size

      4.7MB

    • MD5

      aa4a94fe600f76fe7afd6e05e24dcf44

    • SHA1

      77a59599d4a50664fe9d16f6569f84c4389381e9

    • SHA256

      9bf6c1a87bb22f0703b012fe12ea3577777002ff4ecd9b3794d3bc4d9d862413

    • SHA512

      7c9b1b3915ad463825632bd33514c15d9f776555ee0c1f3b4d6992b6d3e6c7161f3fb875c4635ef242e12996de77d8848ceca36026856eb463aa92bd8604281c

    • SSDEEP

      98304:khYzy+NQ7lRjflIuJkQ+MOSh5FMcU2ZPFGzybJDKjsCO:kKzc7BIuJPfh56YWG1mjO

    Score
    10/10
    meduzacollectiondiscoveryspywarestealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Fluxus-Roblox-Executor/AlphaFS.dll

    • Size

      359KB

    • MD5

      f2f6f6798d306d6d7df4267434b5c5f9

    • SHA1

      23be62c4f33fc89563defa20e43453b7cdfc9d28

    • SHA256

      837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd

    • SHA512

      1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211

    • SSDEEP

      6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d

    Score
    1/10
    behavioral3behavioral4

    • Target

      Fluxus-Roblox-Executor/Client/License.dll

    • Size

      46B

    • MD5

      2ae29de9b7d4461b6f7415750aca2284

    • SHA1

      22d36a3b2028286f27115c100e8e129e36779424

    • SHA256

      5e220c9d9530749e955f93e4069d074a87e16cab38afbe1d37023194ed69f9d7

    • SHA512

      1cdfe1802c780a6c4c287ef8da0ddbba6f77a76e5e9e17811255851e92acab7fe8fc6a55fa20c30a1869f89aaa3c28e97106e3a99778955d634e4250d3ad20d1

    Score
    1/10
    behavioral5behavioral6

    • Target

      Fluxus-Roblox-Executor/Client/MaterialDesignColors.dll

    • Size

      295KB

    • MD5

      5c108c4da6d03f0fa2c3b4dc7890cb52

    • SHA1

      48af67b6166068b6f138306bbd1157c7583c6e73

    • SHA256

      b5ec30c93b1d2b4631ee2b178750ec92e302e2e331090ec9783981b9572354f8

    • SHA512

      48d055610eead361809bd839c66ccdca1d5e0d9dffe15af9d15afa106ee7791c8b17acb91f2aba5cf3dda2997b049bcf70b43c3b56b8b01f1fc7bb845ce6c91b

    • SSDEEP

      1536:wr1In+fq1fDfDemxD0EsXpGX0EOAcTtU7fKoVxbzQcV:G1WB1PerAjOAj7fKoVxb1V

    Score
    1/10
    behavioral7behavioral8

    • Target

      Fluxus-Roblox-Executor/Client/MaterialDesignThemes.Wpf.dll

    • Size

      9.1MB

    • MD5

      824cbf63999f954aa1747f79586a4d3c

    • SHA1

      5f1cd6346a45024bbbe09e304c12b6f6bf227d5c

    • SHA256

      344e2cee979e979932f504dc76bd75e97ae1ff46caa3fe2795adfe0a866347f7

    • SHA512

      d36149f7cb5ffc62dac6bb4521105d09fac988de567e181fdca4f23e5079aca5f4292e1d314f797f1a597263ddac0210060cb71c111565717e3a288a47770c51

    • SSDEEP

      98304:PW8EOPXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCRM:PW8lnJ45/9iD54+V11bFv4z

    Score
    1/10
    behavioral10behavioral9

    • Target

      Fluxus-Roblox-Executor/Client/Microsoft.Xaml.Behaviors.dll

    • Size

      142KB

    • MD5

      95f46f34c099421d917d5feadbb33edb

    • SHA1

      3d1cb9cf59000012734901a35baeb3d9c1dd5db3

    • SHA256

      8e77a1dd5e2df4d4af801376cc3428b082eb49fcb6e647b933967fae12ad9d5d

    • SHA512

      c9c9f72980316c68ad2a8dbe2c6c563c0deddfc9e845674d0e2f5313a0ae285d60a755e2ca04164f78b37a36521259307b3eb7d43f5ec9a9de5507bda7e4c1b8

    • SSDEEP

      3072:lN+EM1X0WlL9JAn11M1dXcGkOsizI35rCj8SIP:v+ll79in1h6

    Score
    1/10
    behavioral11behavioral12

    • Target

      Fluxus-Roblox-Executor/Executor/AlphaFS.dll

    • Size

      359KB

    • MD5

      f2f6f6798d306d6d7df4267434b5c5f9

    • SHA1

      23be62c4f33fc89563defa20e43453b7cdfc9d28

    • SHA256

      837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd

    • SHA512

      1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211

    • SSDEEP

      6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d

    Score
    1/10
    behavioral13behavioral14

    • Target

      Fluxus-Roblox-Executor/Executor/License.dll

    • Size

      46B

    • MD5

      2ae29de9b7d4461b6f7415750aca2284

    • SHA1

      22d36a3b2028286f27115c100e8e129e36779424

    • SHA256

      5e220c9d9530749e955f93e4069d074a87e16cab38afbe1d37023194ed69f9d7

    • SHA512

      1cdfe1802c780a6c4c287ef8da0ddbba6f77a76e5e9e17811255851e92acab7fe8fc6a55fa20c30a1869f89aaa3c28e97106e3a99778955d634e4250d3ad20d1

    Score
    1/10
    behavioral15behavioral16

    • Target

      Fluxus-Roblox-Executor/Executor/MaterialDesignColors.dll

    • Size

      295KB

    • MD5

      5c108c4da6d03f0fa2c3b4dc7890cb52

    • SHA1

      48af67b6166068b6f138306bbd1157c7583c6e73

    • SHA256

      b5ec30c93b1d2b4631ee2b178750ec92e302e2e331090ec9783981b9572354f8

    • SHA512

      48d055610eead361809bd839c66ccdca1d5e0d9dffe15af9d15afa106ee7791c8b17acb91f2aba5cf3dda2997b049bcf70b43c3b56b8b01f1fc7bb845ce6c91b

    • SSDEEP

      1536:wr1In+fq1fDfDemxD0EsXpGX0EOAcTtU7fKoVxbzQcV:G1WB1PerAjOAj7fKoVxb1V

    Score
    1/10
    behavioral17behavioral18

    • Target

      Fluxus-Roblox-Executor/Executor/Microsoft.Xaml.Behaviors.dll

    • Size

      142KB

    • MD5

      95f46f34c099421d917d5feadbb33edb

    • SHA1

      3d1cb9cf59000012734901a35baeb3d9c1dd5db3

    • SHA256

      8e77a1dd5e2df4d4af801376cc3428b082eb49fcb6e647b933967fae12ad9d5d

    • SHA512

      c9c9f72980316c68ad2a8dbe2c6c563c0deddfc9e845674d0e2f5313a0ae285d60a755e2ca04164f78b37a36521259307b3eb7d43f5ec9a9de5507bda7e4c1b8

    • SSDEEP

      3072:lN+EM1X0WlL9JAn11M1dXcGkOsizI35rCj8SIP:v+ll79in1h6

    Score
    1/10
    behavioral19behavioral20

    • Target

      Fluxus-Roblox-Executor/Flux_V7.exe

    • Size

      3.6MB

    • MD5

      58f337f931453d2e3843e8ed56b48fcc

    • SHA1

      6201eedc65426facc0540b4dd4916dfc2762177d

    • SHA256

      031d4f89c20dce1f7bcb864b871c8da470231d5ff6cd9d0b4d47b80fb6c3451d

    • SHA512

      8642d6e1baa0309fe7e0eca442e5e9483aafcc270bd05f3a93a73c6a1532aee74460e29c195f248f5920b05f912cb40ee59d5159e310e3d749184a6d557505ea

    • SSDEEP

      49152:0QusxfscvRLXvnx3FB/G82MV5zvTwcVj3p:5Vp

    Score
    10/10
    meduzacollectiondiscoveryspywarestealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral21behavioral22

    • Target

      Fluxus-Roblox-Executor/License.dll

    • Size

      46B

    • MD5

      2ae29de9b7d4461b6f7415750aca2284

    • SHA1

      22d36a3b2028286f27115c100e8e129e36779424

    • SHA256

      5e220c9d9530749e955f93e4069d074a87e16cab38afbe1d37023194ed69f9d7

    • SHA512

      1cdfe1802c780a6c4c287ef8da0ddbba6f77a76e5e9e17811255851e92acab7fe8fc6a55fa20c30a1869f89aaa3c28e97106e3a99778955d634e4250d3ad20d1

    Score
    1/10
    behavioral23behavioral24

    • Target

      Fluxus-Roblox-Executor/MaterialDesignColors.dll

    • Size

      295KB

    • MD5

      5c108c4da6d03f0fa2c3b4dc7890cb52

    • SHA1

      48af67b6166068b6f138306bbd1157c7583c6e73

    • SHA256

      b5ec30c93b1d2b4631ee2b178750ec92e302e2e331090ec9783981b9572354f8

    • SHA512

      48d055610eead361809bd839c66ccdca1d5e0d9dffe15af9d15afa106ee7791c8b17acb91f2aba5cf3dda2997b049bcf70b43c3b56b8b01f1fc7bb845ce6c91b

    • SSDEEP

      1536:wr1In+fq1fDfDemxD0EsXpGX0EOAcTtU7fKoVxbzQcV:G1WB1PerAjOAj7fKoVxb1V

    Score
    1/10
    behavioral25behavioral26

    • Target

      Fluxus-Roblox-Executor/Microsoft.Xaml.Behaviors.dll

    • Size

      142KB

    • MD5

      95f46f34c099421d917d5feadbb33edb

    • SHA1

      3d1cb9cf59000012734901a35baeb3d9c1dd5db3

    • SHA256

      8e77a1dd5e2df4d4af801376cc3428b082eb49fcb6e647b933967fae12ad9d5d

    • SHA512

      c9c9f72980316c68ad2a8dbe2c6c563c0deddfc9e845674d0e2f5313a0ae285d60a755e2ca04164f78b37a36521259307b3eb7d43f5ec9a9de5507bda7e4c1b8

    • SSDEEP

      3072:lN+EM1X0WlL9JAn11M1dXcGkOsizI35rCj8SIP:v+ll79in1h6

    Score
    1/10
    behavioral27behavioral28

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

meduzacollectiondiscoveryspywarestealer
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

meduzacollectiondiscoveryspywarestealer
Score
10/10

behavioral22

meduzacollectiondiscoveryspywarestealer
Score
10/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10