Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27-12-2024 05:51
General
-
Target
utkin.exe
-
Size
2.6MB
-
MD5
119891f3f60e7bba10a6b60731a8d211
-
SHA1
576db62811bd9aa8c735b90851b8f872bf223248
-
SHA256
ad9b276a5d2f75e7d1c6b21f95d8a7cb70f482f2621847bca4864d90753de72f
-
SHA512
694f22d1c9f351e8d3d31d33c04cdb403afaf1afb45df65150298d8707c9228c05b8e5b2f7245c48dcf06270eed8dae79a51b23c9cc20470ee860e2584cec4bf
-
SSDEEP
24576:V9L8hJZ4uB+Ch0lhSMXl72x+GsNompILTDyWD5Q:PL8hD4aurpompILTDyz
Score
10/10
Malware Config
Extracted
Family
meduza
C2
193.3.19.151
Attributes
-
anti_dbg
true
-
anti_vm
true
-
build_name
hellres
-
extensions
.txt; .doc; .xlsx
-
grabber_max_size
4.194304e+06
-
port
15666
-
self_destruct
false
Signatures
-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload 2 IoCs
-
Meduza family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\utkin.exe"C:\Users\Admin\AppData\Local\Temp\utkin.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
-
Filesize
1.3MB