General
-
Target
XenoUI.exe
-
Size
140KB
-
Sample
241220-22mhgawral
-
MD5
f0d6a8ef8299c5f15732a011d90b0be1
-
SHA1
5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf
-
SHA256
326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b
-
SHA512
5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27
-
SSDEEP
3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxDhBury:2hK4XycqgpfCup5sVxuZ04bhA
Static task
static1
Behavioral task
behavioral1
Sample
XenoUI.exe
Resource
win7-20241010-en
Malware Config
Extracted
meduza
109.107.181.162
-
anti_dbg
true
-
anti_vm
true
-
build_name
6
-
extensions
none
-
grabber_max_size
1.048576e+06
-
links
none
-
port
15666
-
self_destruct
true
Targets
-
-
Target
XenoUI.exe
-
Size
140KB
-
MD5
f0d6a8ef8299c5f15732a011d90b0be1
-
SHA1
5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf
-
SHA256
326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b
-
SHA512
5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27
-
SSDEEP
3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxDhBury:2hK4XycqgpfCup5sVxuZ04bhA
-
Meduza Stealer payload
-
Meduza family
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-