meduza | 75acf95197b3097e37fd11e0d48eefb85d814eaff36ad60d9a20ee7df8d76c50 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-01-05...uk.exe

windows7-x64

2025-01-05...uk.exe

windows10-2004-x64

Sharing

General

Target

2025-01-05_9c0b4a4fe825b04e1f5bf35bd5b73b8f_cobalt-strike_ryuk
Size

3.1MB
Sample

250105-l7qt3s1ldv
MD5

9c0b4a4fe825b04e1f5bf35bd5b73b8f
SHA1

63929ea5284d01e9bbb735870dcb5525b1389128
SHA256

75acf95197b3097e37fd11e0d48eefb85d814eaff36ad60d9a20ee7df8d76c50
SHA512

0c1e6437ee3afa71ef51cd290ff7ce4c2eddec6dc2cc99567daefb5f8dd5c1d91ee75c3101317d8fc2376d85986ef61e5cab52a6675b92e9c07c53cf11670f2e
SSDEEP

24576:qiixlR6I3vbasXpLtwBOz9qhjDWsoQ4lFEHLEBINGIJkoqIUrKybKffn3kiIGHI8:UxVRsw6NxAI0jG

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-01-05_9c0b4a4fe825b04e1f5bf35bd5b73b8f_cobalt-strike_ryuk.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-01-05_9c0b4a4fe825b04e1f5bf35bd5b73b8f_cobalt-strike_ryuk.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

45.130.145.152

Attributes

anti_dbg
true
anti_vm
true
build_name
SEO2.0
extensions
.txt; .doc; .xlsx
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  2025-01-05_9c0b4a4fe825b04e1f5bf35bd5b73b8f_cobalt-strike_ryuk
- Size
  
  3.1MB
- MD5
  
  9c0b4a4fe825b04e1f5bf35bd5b73b8f
- SHA1
  
  63929ea5284d01e9bbb735870dcb5525b1389128
- SHA256
  
  75acf95197b3097e37fd11e0d48eefb85d814eaff36ad60d9a20ee7df8d76c50
- SHA512
  
  0c1e6437ee3afa71ef51cd290ff7ce4c2eddec6dc2cc99567daefb5f8dd5c1d91ee75c3101317d8fc2376d85986ef61e5cab52a6675b92e9c07c53cf11670f2e
- SSDEEP
  
  24576:qiixlR6I3vbasXpLtwBOz9qhjDWsoQ4lFEHLEBINGIJkoqIUrKybKffn3kiIGHI8:UxVRsw6NxAI0jG
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy