General
-
Target
Xeno Executor.exe
-
Size
4.1MB
-
Sample
241208-bej6qatmg1
-
MD5
36517f5bfae396a1d223e7491a3044cc
-
SHA1
591a20349741340b21e0d3ea7d70a7df4043e925
-
SHA256
e5d7e8537578b6c2f2ad9d842c51fcda0535c82b4e84c52537afe852687aa5f2
-
SHA512
23dac5a4cca030209d9e35ba04bf0388aa0088d5e7ba4020978e77e1eeefe7f70be60bd8ccdfb81732523b726b225c6df48d005857f5b4424ec3df52f13b6394
-
SSDEEP
49152:Xl4UjB0jUuB5ykrT/v+Qcr9tF3Vm2Jzd8SgN1IRA:14UjKguKA
Static task
static1
Behavioral task
behavioral1
Sample
Xeno Executor.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Xeno Executor.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Xeno Executor.exe
Resource
win11-20241007-en
Malware Config
Extracted
meduza
5.252.155.28
-
anti_dbg
true
-
anti_vm
true
-
build_name
703
-
extensions
none
-
grabber_max_size
1.048576e+06
-
links
none
-
port
15666
-
self_destruct
true
Targets
-
-
Target
Xeno Executor.exe
-
Size
4.1MB
-
MD5
36517f5bfae396a1d223e7491a3044cc
-
SHA1
591a20349741340b21e0d3ea7d70a7df4043e925
-
SHA256
e5d7e8537578b6c2f2ad9d842c51fcda0535c82b4e84c52537afe852687aa5f2
-
SHA512
23dac5a4cca030209d9e35ba04bf0388aa0088d5e7ba4020978e77e1eeefe7f70be60bd8ccdfb81732523b726b225c6df48d005857f5b4424ec3df52f13b6394
-
SSDEEP
49152:Xl4UjB0jUuB5ykrT/v+Qcr9tF3Vm2Jzd8SgN1IRA:14UjKguKA
Score10/10-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-