meduza | 1478a5cd68e50813f921db18425f99dfcddaa89c5d683b1420ac530a3026a6c5 | Triage

Sharing

General

Target

1478a5cd68e50813f921db18425f99dfcddaa89c5d683b1420ac530a3026a6c5.exe
Size

1.2MB
Sample

241204-h8pfvsxndy
MD5

0c2e9c8e7a0c754cff93bb572d465b3f
SHA1

e9d16513d744848fd8973a915619306c80c4b27a
SHA256

1478a5cd68e50813f921db18425f99dfcddaa89c5d683b1420ac530a3026a6c5
SHA512

566843c0d7385aa70c25ea2cef398b6ce2885121dcd5c9e4c4c92cc640ffb4fff86962a697ce3675c4096b179d3971e65fbd562e7a6cdfe81dd536f96b9eac12
SSDEEP

24576:dMs8x56hd8BiPp/0+1Mrjs6mZ/F7qXh0lhSMXl/YJ4Ad4:+s8b6hmBipRMrjMJ1q2PEa

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
589
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  1478a5cd68e50813f921db18425f99dfcddaa89c5d683b1420ac530a3026a6c5.exe
- Size
  
  1.2MB
- MD5
  
  0c2e9c8e7a0c754cff93bb572d465b3f
- SHA1
  
  e9d16513d744848fd8973a915619306c80c4b27a
- SHA256
  
  1478a5cd68e50813f921db18425f99dfcddaa89c5d683b1420ac530a3026a6c5
- SHA512
  
  566843c0d7385aa70c25ea2cef398b6ce2885121dcd5c9e4c4c92cc640ffb4fff86962a697ce3675c4096b179d3971e65fbd562e7a6cdfe81dd536f96b9eac12
- SSDEEP
  
  24576:dMs8x56hd8BiPp/0+1Mrjs6mZ/F7qXh0lhSMXl/YJ4Ad4:+s8b6hmBipRMrjMJ1q2PEa
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2