meduza | ad9b276a5d2f75e7d1c6b21f95d8a7cb70f482f2621847bca4864d90753de72f | Triage

Submit
Reports

Overview

overview

Static

static

3

utkin.exe

windows7-x64

utkin.exe

windows10-2004-x64

Sharing

General

Target

utkin.exe
Size

2.6MB
Sample

241227-gj57msslgs
MD5

119891f3f60e7bba10a6b60731a8d211
SHA1

576db62811bd9aa8c735b90851b8f872bf223248
SHA256

ad9b276a5d2f75e7d1c6b21f95d8a7cb70f482f2621847bca4864d90753de72f
SHA512

694f22d1c9f351e8d3d31d33c04cdb403afaf1afb45df65150298d8707c9228c05b8e5b2f7245c48dcf06270eed8dae79a51b23c9cc20470ee860e2584cec4bf
SSDEEP

24576:V9L8hJZ4uB+Ch0lhSMXl72x+GsNompILTDyWD5Q:PL8hD4aurpompILTDyz

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

utkin.exe

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

utkin.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

193.3.19.151

Attributes

anti_dbg
true
anti_vm
true
build_name
hellres
extensions
.txt; .doc; .xlsx
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  utkin.exe
- Size
  
  2.6MB
- MD5
  
  119891f3f60e7bba10a6b60731a8d211
- SHA1
  
  576db62811bd9aa8c735b90851b8f872bf223248
- SHA256
  
  ad9b276a5d2f75e7d1c6b21f95d8a7cb70f482f2621847bca4864d90753de72f
- SHA512
  
  694f22d1c9f351e8d3d31d33c04cdb403afaf1afb45df65150298d8707c9228c05b8e5b2f7245c48dcf06270eed8dae79a51b23c9cc20470ee860e2584cec4bf
- SSDEEP
  
  24576:V9L8hJZ4uB+Ch0lhSMXl72x+GsNompILTDyWD5Q:PL8hD4aurpompILTDyz
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy