General
Target: 2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk
Size: 3.1MB
Sample: 241228-qnpj5ayjdw
MD5: 9d28b3f2746f719fe82a21428f9265ae
SHA1: 3acd169f55124db5b2d46a95ffdd48d5a57e3c11
SHA256: 2b1545089a5a1be6fe2ce0fa399d982b4b7995a750a1ea0528695c7eed5f24d4
SHA512: 38c856ab59f7471c9b582c520a6d8b8cc47841c042802797055f8794439ece9c671c0c4922cfcb180af6fe7b4fc9bded48c936b910bc6482acf07ae9434ffb83
SSDEEP: 24576:qiiuUWnfyNSRhmCW5YeLuB7LAFFG3tXEZ83yCfv4vj3gvsceB9rGUoI65zkbu8w8:U+fce/frCAsLrZ+zH8S
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: meduza
147.45.44.216
- anti_dbg: true
- anti_vm: true
- build_name: 423
- grabber_max_size: 1.048576e+06
- port: 15666
- self_destruct: true
Targets
Target: 2024-12-28_9d28b3f2746f719fe82a21428f9265ae_cobalt-strike_ryuk
Score: 10/10
- Meduza Stealer payload
- Meduza family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)