Overview

overview

10

Static

static

3

utkin.exe

windows7-x64

10

utkin.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 05:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    utkin.exe

  • Size

    2.6MB

  • MD5

    119891f3f60e7bba10a6b60731a8d211

  • SHA1

    576db62811bd9aa8c735b90851b8f872bf223248

  • SHA256

    ad9b276a5d2f75e7d1c6b21f95d8a7cb70f482f2621847bca4864d90753de72f

  • SHA512

    694f22d1c9f351e8d3d31d33c04cdb403afaf1afb45df65150298d8707c9228c05b8e5b2f7245c48dcf06270eed8dae79a51b23c9cc20470ee860e2584cec4bf

  • SSDEEP

    24576:V9L8hJZ4uB+Ch0lhSMXl72x+GsNompILTDyWD5Q:PL8hD4aurpompILTDyz

Score
10/10
meduzastealer

Malware Config

Extracted

Family

meduza

C2

193.3.19.151

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    hellres

  • extensions

    .txt; .doc; .xlsx

  • grabber_max_size

    4.194304e+06

  • port

    15666

  • self_destruct

    false

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 2 IoCs
  • Meduza family
    meduza
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\utkin.exe
    "C:\Users\Admin\AppData\Local\Temp\utkin.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2320-1-0x000001B5B3E00000-0x000001B5B3F41000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2320-0-0x00007FFF44C90000-0x00007FFF44E85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2320-2-0x000001B5B3E00000-0x000001B5B3F41000-memory.dmp

    Filesize

    1.3MB

    Download