meduza | 908b67569cb0ade3de4b268c6434fc6f1bd1dd6c34e450f85a970a2b9ba96b12 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-12-18...uk.exe

windows7-x64

2024-12-18...uk.exe

windows10-2004-x64

Sharing

General

Target

2024-12-18_bcf52a0a47b0ad28d13e6c0002ca79b9_cobalt-strike_ryuk
Size

3.1MB
Sample

241218-bv7lyswph1
MD5

bcf52a0a47b0ad28d13e6c0002ca79b9
SHA1

46331f1bea07b857fbb69bdd50ffd945e9e5f94c
SHA256

908b67569cb0ade3de4b268c6434fc6f1bd1dd6c34e450f85a970a2b9ba96b12
SHA512

c2a4a09448974c1bc95cb66e923c67ee0ea74826338838a76c11fc907f7fa762e1da90135c8ea3a6aeea5da16a6a63fce76c6ace4cc02a0685f8d03937fddc82
SSDEEP

24576:SBvGLDqo2AH/mhrnOG1HuHPIsfHGY+++Ct+bNZUTRoB71b0P7SY8Vvhdri2:uCzHubDsy9Rb0J8Jn

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-12-18_bcf52a0a47b0ad28d13e6c0002ca79b9_cobalt-strike_ryuk.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-18_bcf52a0a47b0ad28d13e6c0002ca79b9_cobalt-strike_ryuk.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

147.45.44.228

Attributes

anti_dbg
true
anti_vm
true
build_name
542
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  2024-12-18_bcf52a0a47b0ad28d13e6c0002ca79b9_cobalt-strike_ryuk
- Size
  
  3.1MB
- MD5
  
  bcf52a0a47b0ad28d13e6c0002ca79b9
- SHA1
  
  46331f1bea07b857fbb69bdd50ffd945e9e5f94c
- SHA256
  
  908b67569cb0ade3de4b268c6434fc6f1bd1dd6c34e450f85a970a2b9ba96b12
- SHA512
  
  c2a4a09448974c1bc95cb66e923c67ee0ea74826338838a76c11fc907f7fa762e1da90135c8ea3a6aeea5da16a6a63fce76c6ace4cc02a0685f8d03937fddc82
- SSDEEP
  
  24576:SBvGLDqo2AH/mhrnOG1HuHPIsfHGY+++Ct+bNZUTRoB71b0P7SY8Vvhdri2:uCzHubDsy9Rb0J8Jn
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy