meduza | ee3398bef56528ab467234c1e1cda885656a3c853d28f0ac4a6a660cf13a246e | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-12-18...uk.exe

windows7-x64

5

2024-12-18...uk.exe

windows10-2004-x64

Sharing

General

Target

2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk
Size

4.1MB
Sample

241218-bw3z6ayjcn
MD5

e77b17460e9174ca86145bcdf460ad77
SHA1

a7eb88f9198eccc338f0deed8bd7cf3511d5639d
SHA256

ee3398bef56528ab467234c1e1cda885656a3c853d28f0ac4a6a660cf13a246e
SHA512

066926af4dcc1bbeca80bd9ad1ba51708b1348398dbf5cc703104b96a366d8185860c8bec7e077250852819c90d7735d8a0ca69f5e5c8a9a549342e5d5aea5db
SSDEEP

49152:Xl4UjB0jUuXwCMh4Y9SH3nzth5D+pH/BOvdSZARtFvBA:14UjKguFA

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

5.252.155.28

Attributes

anti_dbg
true
anti_vm
true
build_name
781
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  2024-12-18_e77b17460e9174ca86145bcdf460ad77_ryuk
- Size
  
  4.1MB
- MD5
  
  e77b17460e9174ca86145bcdf460ad77
- SHA1
  
  a7eb88f9198eccc338f0deed8bd7cf3511d5639d
- SHA256
  
  ee3398bef56528ab467234c1e1cda885656a3c853d28f0ac4a6a660cf13a246e
- SHA512
  
  066926af4dcc1bbeca80bd9ad1ba51708b1348398dbf5cc703104b96a366d8185860c8bec7e077250852819c90d7735d8a0ca69f5e5c8a9a549342e5d5aea5db
- SSDEEP
  
  49152:Xl4UjB0jUuXwCMh4Y9SH3nzth5D+pH/BOvdSZARtFvBA:14UjKguFA
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy