Overview

overview

10

Static

static

3

launcher.exe

windows7-x64

1

launcher.exe

windows10-2004-x64

8

launcher.exe

windows10-ltsc 2021-x64

8

launcher.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    2s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-12-2024 04:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launcher.exe

  • Size

    2.7MB

  • MD5

    d0a533b0a373fde0f588b82e7ea0c101

  • SHA1

    2f57d98f206399b90fe16251290f1f5e9004cb7b

  • SHA256

    5d8a71f3c3ce813bb7348245e82c92eff58aac97f27eb93b111e0725a39cee2e

  • SHA512

    649e0b1bcaf321cfd7115990b98f21a41a170d02d8f8145f2b7dfa20f82ab7241bc4f0f39e09d20f809785bb9d86ac53007c7d55a7cbdfd23c327dd4abc5d9ea

  • SSDEEP

    49152:aKvJJYNPp6UhTz8AZbRmaYxTxfDjHyuQDc6p:raUDjSuw

Score
10/10
meduzastealer

Malware Config

Extracted

Family

meduza

C2

193.3.19.151

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    hdont

  • extensions

    .txt

  • grabber_max_size

    4.194304e+06

  • port

    15666

  • self_destruct

    false

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 1 IoCs
  • Meduza family
    meduza
  • Downloads MZ/PE file
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\launcher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\system32\cmd.exe
      "cmd" /C C:\Users\Admin\AppData\Local\Temp\duschno.exe
      2⤵
        PID:2072
      • C:\Windows\system32\cmd.exe
        "cmd" /C "echo This version is not supported on your device."
        2⤵
          PID:4828

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\duschno.exe
        Filesize

        1.2MB

        MD5

        c6813da66eba357d0deaa48c2f7032b8

        SHA1

        6812e46c51f823ff0b0ee17bfce0af72f857af66

        SHA256

        1420f60f053c3ea5605239ee431e5f487245108b1c01be75d16b5246156fa178

        SHA512

        19391c6b12ba8f34a5faf326f8986ef8de4729d614d72bf438c6efa569b3505159ca55f580fe2a02642e5e7a0f1b38a7a9db9f0d66d67ba548d84c230183159e

        Download Submit