Overview

overview

10

Static

static

3

2024-12-26...uk.exe

windows7-x64

10

2024-12-26...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-26_a000e58ed7523cc210dcc9ff538c1c1c_cobalt-strike_ryuk

  • Size

    1.8MB

  • Sample

    241226-bwrbcstnal

  • MD5

    a000e58ed7523cc210dcc9ff538c1c1c

  • SHA1

    03dafef07b08b3d2a87722639b80591ebc29cf92

  • SHA256

    2f530fd818f587f0d3158d40bd1908380f8efa2e51463d24414000c580b3d0e2

  • SHA512

    dfae2a60c88c37a4b11ec2ceb34457a43d178f227f6249c795ce509a6eeec78afcb431c0ef271e03c8d44dfcb3bce3f8b2e6c7b902e5115b2da4e7e765a53252

  • SSDEEP

    24576:ywkdIl1quH1UN7J+3Wi985USl3m5GDci2ftD20kvA6cX6ZbGKS5xFWpGt9u7:AjukYt8uac9UPA6499

Score
10/10
meduzastealer

Malware Config

Extracted

Family

meduza

C2

127.0.0.1

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    Meduza

  • extensions

    .txt; .doc; .xlsx

  • grabber_max_size

    4.194304e+06

  • port

    15666

  • self_destruct

    false

Targets

    • Target

      2024-12-26_a000e58ed7523cc210dcc9ff538c1c1c_cobalt-strike_ryuk

    • Size

      1.8MB

    • MD5

      a000e58ed7523cc210dcc9ff538c1c1c

    • SHA1

      03dafef07b08b3d2a87722639b80591ebc29cf92

    • SHA256

      2f530fd818f587f0d3158d40bd1908380f8efa2e51463d24414000c580b3d0e2

    • SHA512

      dfae2a60c88c37a4b11ec2ceb34457a43d178f227f6249c795ce509a6eeec78afcb431c0ef271e03c8d44dfcb3bce3f8b2e6c7b902e5115b2da4e7e765a53252

    • SSDEEP

      24576:ywkdIl1quH1UN7J+3Wi985USl3m5GDci2ftD20kvA6cX6ZbGKS5xFWpGt9u7:AjukYt8uac9UPA6499

    Score
    10/10
    meduzastealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks