meduza | 7d6a0693e44789c8a54ea0fa3318cea0ec952571f4fa7864ca3703b8864b424f | Triage

Sharing

General

Target

7d6a0693e44789c8a54ea0fa3318cea0ec952571f4fa7864ca3703b8864b424fN.exe
Size

1.2MB
Sample

241203-lt2peszmfy
MD5

ea488034d99d896a5d76ef8057dabb70
SHA1

28cce7dd2cc8db4bef4a6c75da1dfdf816458cc2
SHA256

7d6a0693e44789c8a54ea0fa3318cea0ec952571f4fa7864ca3703b8864b424f
SHA512

bd39cd6f75ebd07d57b74f0d3e742de31a664819d62483d598e84da18f412ae6f77ed7fbe9099a22df2007abe79f573f6614169f6186d388af1b283a32890ddc
SSDEEP

24576:dMs8x56hd8BiPp/0+1Mrjs6mZ/F7qXh0lhSMXl/YJ4Ad:+s8b6hmBipRMrjMJ1q2PE

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
589
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  7d6a0693e44789c8a54ea0fa3318cea0ec952571f4fa7864ca3703b8864b424fN.exe
- Size
  
  1.2MB
- MD5
  
  ea488034d99d896a5d76ef8057dabb70
- SHA1
  
  28cce7dd2cc8db4bef4a6c75da1dfdf816458cc2
- SHA256
  
  7d6a0693e44789c8a54ea0fa3318cea0ec952571f4fa7864ca3703b8864b424f
- SHA512
  
  bd39cd6f75ebd07d57b74f0d3e742de31a664819d62483d598e84da18f412ae6f77ed7fbe9099a22df2007abe79f573f6614169f6186d388af1b283a32890ddc
- SSDEEP
  
  24576:dMs8x56hd8BiPp/0+1Mrjs6mZ/F7qXh0lhSMXl/YJ4Ad:+s8b6hmBipRMrjMJ1q2PE
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2