General
Target: PolysyApp_Installer.zip
Size: 113.9MB
Sample: 241211-q5z27avnbt
MD5: d1ae81f5a0eac760a80e7d0377d7e0bb
SHA1: 61085e85f50eaa905454de1b79117147ef49f116
SHA256: 2eeabe0491d6ed0ce9b810de803af42f9653adae4f4674cab59f8154e1e12888
SHA512: 6242e56d42a47b9471859718edfc25d167eccc7b71ac3a6459f6f0f6d94d902737b03ef44d0f5e9251d365ad70ae79431b6aaff5cac33e08ac7cad6f9379b780
SSDEEP: 1572864:FRPSPMNhBW1Mpx67DUd8G8mQGUPXmp7ZQhi5jiuWjg+1OfG746ISSowXhiVrIFgT:3jhgDUpvDUPsZOLtjgmq46fXKTqtPY
Static task: static1
Malware Config

Targets
Target: Polysy_Launcher.exe
Size: 199KB
MD5: de1cac479c4e6835736353a50f9971bb
SHA1: 29f661c7966146e01c520ed986248649596f0604
SHA256: 738913f52e0c4028bceecf7d81c446fa4319519729d227cf5d4eeabd78f472c2
SHA512: a411aa5df40f9fd69afbde612f32ac2c44bb18c7e277e8fb126d55ecbc3a024b8ef5b6515c738d75e0b7c436f33f6e8d6673930a6e654fbc72276909d9cce9ef
SSDEEP: 384:gjLWLV6hIElJtDINwNfyPI4HRs6AuOow60IIIaebvokSA2Sr6XOxukts1q1zk/zy:9LkteVlHR7VskidgZYcV69izh

Signatures
- Meduza Stealer payload
- Meduza family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to discover the infected system's external IP address.
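Two of the signatures above (the PowerShell Defender-exclusion tampering and the external IP lookup) are the ones a SOC analyst would most want to turn into host-side detections. The Python below is an added example written for this page; it is not part of the sandbox report and not code from the sample. It runs two small detectors over constructed log lines: PowerShell script-block entries (Event ID 4104 style) are parsed for Add-MpPreference / Set-MpPreference exclusion arguments, and DNS log lines are matched against a watch-list of IP-lookup services. The log contents, the paths in them and the domain watch-list are all assumptions made for the illustration.

```python
"""Triage helpers for two behaviours from the report above:
Defender exclusion tampering via PowerShell, and external-IP lookups.
Added example; not part of the sandbox report or the analysed sample."""
import re

# Constructed PowerShell script-block log entries (Event ID 4104 style).
# Written for illustration; not taken from the sandbox run.
SCRIPT_BLOCK_LOG = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\Polysy" -ExclusionExtension ".exe",".dll"',
    "Get-MpPreference | Select-Object ExclusionPath",
    "Set-MpPreference -DisableRealtimeMonitoring $true",
    "Add-MpPreference -ExclusionProcess 'Polysy_Launcher.exe'",
]

# Constructed DNS log lines: <timestamp> <process> <query name>.
DNS_LOG = [
    "2024-12-11T10:05:01Z Polysy_Launcher.exe api.ipify.org",
    "2024-12-11T10:05:02Z svchost.exe ctldl.windowsupdate.com",
    "2024-12-11T10:05:03Z Polysy_Launcher.exe ipinfo.io",
]

# Assumed watch-list of legitimate IP-lookup services; extend as needed.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}


def defender_exclusions(line):
    """Return [(kind, value), ...] for every -ExclusionPath / -ExclusionExtension /
    -ExclusionProcess argument in one Add-/Set-MpPreference script-block line.
    Lines that are not Add-/Set-MpPreference invocations yield []."""
    if not re.match(r"\s*(Add|Set)-MpPreference\b", line, re.IGNORECASE):
        return []
    found = []
    # Split on whitespace that precedes a parameter dash; "Add-MpPreference"
    # itself is not split because its dash is not preceded by whitespace.
    for token in re.split(r"\s+(?=-)", line.strip()):
        m = re.match(r"-Exclusion(Path|Extension|Process)\s+(.+)$", token, re.IGNORECASE)
        if not m:
            continue
        kind = m.group(1).capitalize()
        # PowerShell accepts comma-separated lists; strip quoting on each item.
        for raw in m.group(2).split(","):
            value = raw.strip().strip("'\"")
            if value:
                found.append((kind, value))
    return found


def ip_lookup_queries(lines, watchlist=IP_LOOKUP_DOMAINS):
    """Return (process, domain) pairs for DNS queries to watch-listed
    IP-lookup services, including their subdomains."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line; skip rather than guess
        _ts, process, qname = parts
        qname = qname.lower().rstrip(".")
        if qname in watchlist or any(qname.endswith("." + d) for d in watchlist):
            hits.append((process, qname))
    return hits


def triage(script_blocks=SCRIPT_BLOCK_LOG, dns=DNS_LOG):
    """Run both detectors and return a dict of findings."""
    exclusions = [hit for line in script_blocks for hit in defender_exclusions(line)]
    return {"defender_exclusions": exclusions, "ip_lookups": ip_lookup_queries(dns)}


if __name__ == "__main__":
    for name, findings in triage().items():
        print(name)
        for item in findings:
            print("  ", *item)
```

Note that the exclusion detector deliberately reports only exclusion arguments; the constructed `Set-MpPreference -DisableRealtimeMonitoring $true` line is just as hostile but is a separate Defender-tampering signature and would need its own rule. Any non-empty result from `defender_exclusions` on a workstation is worth an alert on its own, since legitimate software rarely adds exclusions from an interactive script block.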
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (T1555): Credentials from Web Browsers (T1555.003), 1 matching signature
- Unsecured Credentials (T1552): Credentials In Files (T1552.001), 1 matching signature