meduza | 25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff | Triage

Submit
Reports

Overview

overview

Static

static

3

25e277e1b7...ff.exe

windows7-x64

25e277e1b7...ff.exe

windows10-2004-x64

Sharing

General

Target

25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff
Size

4.1MB
Sample

241227-t8424axlgp
MD5

074c59a677f28681f09b088b5eff7b9b
SHA1

b49e41a65125eade7f90831e4eae74afe30167b7
SHA256

25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff
SHA512

2f77955b930fbbefb6465e3f9a58f0c82b5f6afdefc5329416dfe5dfa2e979a3461bec977bc492b9ff85d53a42cf52b6771b9988f50455211a238cc331664abf
SSDEEP

49152:qxGK0l3e3udzDRxACQG2zuPLlPx6rA3EYMHGul7irGxdecVUovWH8beZ:qxGK09yuJZ

Score

10^/10

meduza collection discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff.exe

Resource

win7-20240903-en

meduza collection discovery stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff.exe

Resource

win10v2004-20241007-en

meduza collection discovery stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
686
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff
- Size
  
  4.1MB
- MD5
  
  074c59a677f28681f09b088b5eff7b9b
- SHA1
  
  b49e41a65125eade7f90831e4eae74afe30167b7
- SHA256
  
  25e277e1b7eeec58d0b02fe55bc37c574497faedc23e2a0a05139b3a3ab481ff
- SHA512
  
  2f77955b930fbbefb6465e3f9a58f0c82b5f6afdefc5329416dfe5dfa2e979a3461bec977bc492b9ff85d53a42cf52b6771b9988f50455211a238cc331664abf
- SSDEEP
  
  49152:qxGK0l3e3udzDRxACQG2zuPLlPx6rA3EYMHGul7irGxdecVUovWH8beZ:qxGK09yuJZ
Score

10^/10

meduza collection discovery stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzacollectiondiscoverystealer

behavioral2

meduzacollectiondiscoverystealer

© 2018-2024

Terms | Privacy