General

  • Target

    Setup5.0.zip

  • Size

    2.3MB

  • Sample

    250104-vxczxayqbt

  • MD5

    d7d4d1c2aa4cbda1118cd1a9ba8c8092

  • SHA1

    0935cb34d76369f11ec09c1af2f0320699687bec

  • SHA256

    3a82d1297c523205405817a019d3923c8f6c8b4802e4e4676d562b17973b21ea

  • SHA512

    d96d6769afc7af04b80a863895009cd79c8c1f9f68d8631829484611dfce7d4f1c75fc9b54157482975c6968a46e635e533d0cad687ef856ddc81ab3444bb553

  • SSDEEP

    49152:Bx8Jh672TFZ620k0OVCnqeDkHjmxg7ux43NAhxg4fTrQ:BxYVNvVCn9DkDnrNfqTrQ

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    6

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      setup7.0/PhysxExt.dll

    • Size

      2.9MB

    • MD5

      6ff985653d41e8d60bb1293f01729adf

    • SHA1

      1ae3086a16a91ea45c06d34071d8b3b87e058804

    • SHA256

      224ba9fe747ed7266a392961586db8a716553b85760fe3083e6d345034868d8f

    • SHA512

      fd47a81000dcd98adc03d1f45a172c19b2e8aa3c8f13338bda0b00407f7b81b52e0fa9be3f9ef87fb1303231225e83b9dd8c39a0777ee56ccd54abc52d095b87

    • SSDEEP

      24576:fZJJSVBjkvvhwVxKKpQgRQ8sUOwDUsHeHfcKtaPRO/o5o4Z/5rLyv+Fe:xJegvvhTKTRcPDqho4F5rLyW4

    Score
    3/10
    • Target

      setup7.0/setup7.0.exe

    • Size

      3.6MB

    • MD5

      d38571e4500bd3936c55ab41b7d40c4b

    • SHA1

      b7dfcd284dd985b92c4ab45e13bfc45dcf067ac5

    • SHA256

      ec711f3d9eb360eb08ef30c0b315de37a59da35bd6e332d8f19d18fc480d9a3c

    • SHA512

      324e71c33eab94097b4e0cc0b6d28d8bdbca1739282b6b1fafdbb440ba2ab69d256b4905046edd719bdf20192440d160193f983f2217ccaf4972b5617a2a592a

    • SSDEEP

      24576:wiSVYduVRYxf0fXRBvmt/cGFCTYGTnEt3lKTtHttN0jhmtksrP1yspoz9J7FbQxa:0QusxfsH8OThTM+tHtEjhFs4Uv4rqYp

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext
