General

  • Target

    launcher.exe

  • Size

    2.7MB

  • Sample

    241212-g7327atkbw

  • MD5

    43585525c685cdc8a58a2bcd525dff62

  • SHA1

    b90d6b202148671e4df140f56a824ea25b649528

  • SHA256

    b4a02368084a17318bf74c788f5aeaa530555a175129aa0c08d8ab100afb6222

  • SHA512

    f46f6c21321d1b00ab1783b4346ce132744fb07e22de9c5fbb41c71f999e30f7e9d02c50857a7d64c0cfb86683005090aecd41fc18c21293bf05672d5c37eaa6

  • SSDEEP

    49152:c79BvPwo72v4la0/YvIhZxTjKcmsvEIJ9FU:WsIxmsvx

Malware Config

Extracted

Family

meduza

C2

193.3.19.151

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    hdont

  • extensions

    .txt

  • grabber_max_size

    4.194304e+06

  • port

    15666

  • self_destruct

    false

Targets

    • Target

      launcher.exe

    • Size

      2.7MB

    • MD5

      43585525c685cdc8a58a2bcd525dff62

    • SHA1

      b90d6b202148671e4df140f56a824ea25b649528

    • SHA256

      b4a02368084a17318bf74c788f5aeaa530555a175129aa0c08d8ab100afb6222

    • SHA512

      f46f6c21321d1b00ab1783b4346ce132744fb07e22de9c5fbb41c71f999e30f7e9d02c50857a7d64c0cfb86683005090aecd41fc18c21293bf05672d5c37eaa6

    • SSDEEP

      49152:c79BvPwo72v4la0/YvIhZxTjKcmsvEIJ9FU:WsIxmsvx

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Downloads MZ/PE file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks