meduza | d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae | Triage

Submit
Reports

Overview

overview

Static

static

3

fcd1cdfe35...18.pdf

windows7-x64

3

fcd1cdfe35...18.pdf

windows10-2004-x64

Resubmissions

20-12-2024 21:57

241220-1vd23svrbr 8

18-12-2024 19:52

241218-ylw57azrfn 10

18-12-2024 19:51

241218-ylabeszrek 3

18-12-2024 19:31

241218-x8fw2sypez 8

18-12-2024 19:27

241218-x6k3zsypaw 3

18-12-2024 19:27

241218-x54hyazlfn 3

Sharing

General

Target

fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118
Size

93KB
Sample

241218-ylw57azrfn
MD5

fcd1cdfe358c3b7c95e10cf72dbf727f
SHA1

7c5c487471db6b1702085fd880a931a819baa264
SHA256

d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae
SHA512

30ca7a429aa4b1b3a877c6b8b83e3f957c2cb5a7a06d2ad63e0be5e85ade27f0d3255d8c0c671150013c01546369052882f5db77997f3980148a8b7a3a47caa6
SSDEEP

1536:UHedaEV1N3QjlwBgiZDASIKwJJYut9OLod6/d3Vb4fcXwWx+7oRW8pO+W/O:Kedai/3ywBgirIBL1qd3VbrXp+7ow+D

Score

10^/10

meduza microsoft discovery link pdf phishing spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf

Resource

win7-20240903-en

windows7-x64

3 signatures

1200 seconds

Behavioral task

behavioral2

Sample

fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf

Resource

win10v2004-20241007-en

meduza microsoft discovery phishing spyware stealer

windows10-2004-x64

30 signatures

1200 seconds

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
6
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118
- Size
  
  93KB
- MD5
  
  fcd1cdfe358c3b7c95e10cf72dbf727f
- SHA1
  
  7c5c487471db6b1702085fd880a931a819baa264
- SHA256
  
  d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae
- SHA512
  
  30ca7a429aa4b1b3a877c6b8b83e3f957c2cb5a7a06d2ad63e0be5e85ade27f0d3255d8c0c671150013c01546369052882f5db77997f3980148a8b7a3a47caa6
- SSDEEP
  
  1536:UHedaEV1N3QjlwBgiZDASIKwJJYut9OLod6/d3Vb4fcXwWx+7oRW8pO+W/O:Kedai/3ywBgirIBL1qd3VbrXp+7ow+D
Score

10^/10

discovery meduza microsoft phishing spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: e^^QgPA@G^
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

meduzamicrosoftdiscoveryphishingspywarestealer

© 2018-2024

Terms | Privacy