Extracted

• • Target

    birdflower.exe

  • Size

    3.2MB

  • MD5

    1f453ea0b228aaa80fc1b49de8209816

  • SHA1

    62299a245f28ec9cf2a902b79b2af4aa76ca3ef5

  • SHA256

    576f4f144c08fdbfbb44e7d679d26ab8b1526b58a781625deb095a4ba9f2105f

  • SHA512

    fdbb42caef70e8ec84e0ede91e86ef209fd413c2f01eacba72bd128433a27d9234fbee940f87f1d3726cb4e6a0a0737f99a835787ebf44e2b66d75c6f34c6c94

  • SSDEEP

    24576:S/frmzI7lsX7Rh7lmXh0lhSMXlWuQdcfFiAb0Ng8PhD4AhNJEz0vZoYOhO:KfrmzI7OXBGuk6J0NRJD46NYYo

  Score

  10^/10

  meduzastealercollectiondiscoveryspyware

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2