General
-
Target
script.ps1
-
Size
324B
-
Sample
241219-jaysbavmaw
-
MD5
129bf31d3dc155699387ccc33f2f3775
-
SHA1
1f43dcd5742a8f0b499892fd3e09255378817adc
-
SHA256
b1d2df274b2539ad80debafc925c0cf6a2c2394093e57a8e1d0023d3fc13dba3
-
SHA512
37f6f05e14cb7a78e7f245da4834b2be124e181c96c50a314dd29fc0c2b06c369b4510d068baf34495be5566e41a7d4852582643ce13beaded84720c3c3c9643
Static task
static1
Behavioral task
behavioral1
Sample
script.ps1
Resource
win7-20240903-en
Malware Config
Extracted
http://147.45.47.15/iviewers.dll
http://147.45.47.15/Launcher.exe
Extracted
meduza
193.3.19.151
-
anti_dbg
true
-
anti_vm
true
-
build_name
hdont
-
extensions
.txt
-
grabber_max_size
4.194304e+06
-
port
15666
-
self_destruct
false
Targets
-
-
Target
script.ps1
-
Size
324B
-
MD5
129bf31d3dc155699387ccc33f2f3775
-
SHA1
1f43dcd5742a8f0b499892fd3e09255378817adc
-
SHA256
b1d2df274b2539ad80debafc925c0cf6a2c2394093e57a8e1d0023d3fc13dba3
-
SHA512
37f6f05e14cb7a78e7f245da4834b2be124e181c96c50a314dd29fc0c2b06c369b4510d068baf34495be5566e41a7d4852582643ce13beaded84720c3c3c9643
-
Meduza Stealer payload
-
Meduza family
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-