Overview

overview

10

Static

static

1

WhatsApp I...89.jpg

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WhatsApp Image 2024-08-25 at 19.33.04_96866189.jpg

  • Size

    123KB

  • Sample

    250101-xny7wsymby

  • MD5

    c860943154c5672972e115b11c24f595

  • SHA1

    8316eaeb2b836d6efddae796e6e52ad771a8dbdf

  • SHA256

    b86e0a8249b10a238f47ca61287534127a979c5e311a0de569db1973a026b8a2

  • SHA512

    3cc8a936a1a14c47d38cf51e4d89356993eda4901be64fa19c4fefff6495f1f8712fe5bde5a16e7586684c11648c80ca19889e372ce68a4dd1b4eb8dfcedf5b1

  • SSDEEP

    3072:a4kviNogaQ2VUgNw4rjwpnapYJSyaqztji4xMrcmBW/tOSIxN6YJ:ahGopQ22oyJaS77zt/MrtW/tOSg66

Score
10/10
meduzadiscoverystealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    6

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      WhatsApp Image 2024-08-25 at 19.33.04_96866189.jpg

    • Size

      123KB

    • MD5

      c860943154c5672972e115b11c24f595

    • SHA1

      8316eaeb2b836d6efddae796e6e52ad771a8dbdf

    • SHA256

      b86e0a8249b10a238f47ca61287534127a979c5e311a0de569db1973a026b8a2

    • SHA512

      3cc8a936a1a14c47d38cf51e4d89356993eda4901be64fa19c4fefff6495f1f8712fe5bde5a16e7586684c11648c80ca19889e372ce68a4dd1b4eb8dfcedf5b1

    • SSDEEP

      3072:a4kviNogaQ2VUgNw4rjwpnapYJSyaqztji4xMrcmBW/tOSIxN6YJ:ahGopQ22oyJaS77zt/MrtW/tOSg66

    Score
    10/10
    meduzadiscoverystealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks