General
Target: c401a019b5a9e44646577f8922e1014e.bin
Size: 1.2MB
Sample: 250107-b6qgtazqbr
MD5: a2b941736a2ce18907f6cda6d49b1b14
SHA1: eec7a607333e567b6c2418c413e681ec99b57201
SHA256: 4e3ae21557c07e2c3b30040df6078be5a8276163f52166954cbbdd4f14321488
SHA512: 1ab1d0961eb6cd983f8740251e7678122a41d9fad477901654844350e6530d0a6252b31893fe33c7e7b0976fd32e1be356e2821d95d59e0bceaf9106e5f024f9
SSDEEP: 24576:g9R704mCsJlR5iH/tgx9wj60dvy8V32LFV3IuaS4IPEV9jty3sqw:g9FeCsl/MF49sNUbLFxRTe95yy
Static task: static1
Behavioral task: behavioral1
  Sample: 31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a.exe
Size: 1.2MB
MD5: c401a019b5a9e44646577f8922e1014e
SHA1: 3406d945b0283bb6337a7490198b00cd1df278a2
SHA256: 31ebf7219722b8c908a914b2b08c5d03140af8b0cef6c96152e458dc82301c0a
SHA512: f1306e3e015f005af3675f53ff17015b4cdc4484d13690a04842fa8ab9e7037c68e2e53c90176d7fff36c8a2faf50864d09fb89609466d5d89d7f11783f9250f
SSDEEP: 24576:Bdl/7xIgevnHodySw5KP4lXkV8sWGzv6VD0iNKlsTEc8hF71X:/l/a5vnIdyd5Q4lXkBmLNfkP7F
Note: the hashes under General belong to the submitted .bin, whose file name is the MD5 of this executable; the hashes here belong to the executable that was actually detonated in the two behavioral tasks. Use the SHA256 above, not the one under General, when pivoting on the PE itself.
Score: 10/10
Signatures:
- Meduza Stealer payload
- Meduza family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. The report does not say which country codes the sample compares against or what it does on a match.
- Accesses Microsoft Outlook profiles: reads the Outlook profile keys in the registry, where account settings are stored. The report gives no further detail.
- Checks installed software on the system: enumerates Uninstall key entries in the registry to build a list of installed software.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service; an early outbound request to an IP-echo service is a common stealer tell but also occurs in legitimate software, so treat it as a corroborating signal rather than a verdict on its own.
- Suspicious use of SetThreadContext: the report gives no detail on the call. Outside of a debugger, SetThreadContext is most often seen in process hollowing (create a process suspended, replace its image, redirect the entry point via SetThreadContext, resume); whether this sample does that is not stated here.
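Added example, not from the Triage report or the Meduza sample: a small Python rule engine that replays the behaviours listed above over a constructed API/registry trace and produces the same kind of signature list and score. The API names, registry paths, IP-lookup hosts, severities and every trace line are assumptions made for illustration; the report does not publish the underlying trace, and the real sandbox's scoring is not reproduced here.

```python
"""Toy signature engine modelled on the behaviours in the report above.
Everything here (API names, registry paths, hosts, severities, trace
lines) is an assumption for illustration, not data from the report."""
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass(frozen=True)
class Event:
    api: str
    target: str
    args: dict = field(default_factory=dict)


def parse_trace(lines: List[str]) -> List[Event]:
    """Parse our own constructed 'API | target | k=v k=v' line format."""
    events = []
    for line in lines:
        parts = [p.strip() for p in line.split(" | ")]
        if len(parts) < 2:
            continue
        args = {}
        if len(parts) > 2:
            for kv in parts[2].split():
                key, sep, val = kv.partition("=")
                if sep:
                    args[key] = val
        events.append(Event(parts[0], parts[1], args))
    return events


def _hit(events, api_prefix, needle):
    needle = needle.lower()
    return any(e.api.startswith(api_prefix) and needle in e.target.lower()
               for e in events)


# Assumed IP-echo services; the report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = ("api.ipify.org", "ifconfig.me", "ip-api.com")


def geofence_check(ev):       # "Checks computer location settings"
    return (_hit(ev, "RegQueryValueEx", "Control Panel\\International")
            or _hit(ev, "RegQueryValueEx", "\\Nls\\Locale"))


def installed_software(ev):   # "Checks installed software on the system"
    return _hit(ev, "RegEnumKeyEx", "\\CurrentVersion\\Uninstall")


def outlook_profiles(ev):     # "Accesses Microsoft Outlook profiles"
    return _hit(ev, "RegOpenKeyEx", "\\Outlook\\Profiles")


def external_ip(ev):          # "Looks up external IP address via web service"
    return any(e.api.startswith("InternetOpenUrl")
               and any(h in e.target.lower() for h in IP_LOOKUP_HOSTS)
               for e in ev)


def browser_credentials(ev):  # "Credentials from Web Browsers"
    return (_hit(ev, "CreateFile", "\\Login Data")
            or _hit(ev, "CreateFile", "\\logins.json"))


def suspicious_setthreadcontext(ev):  # "Suspicious use of SetThreadContext"
    # Flag SetThreadContext only when aimed at a child this process created
    # with CREATE_SUSPENDED (0x4): that ordering is the hollowing pattern.
    # SetThreadContext on the caller's own threads (debuggers, SEH) is not flagged.
    suspended = set()
    for e in ev:
        if e.api.startswith("CreateProcess") and int(e.args.get("flags", "0"), 16) & 0x4:
            suspended.add(e.args.get("pid"))
        elif e.api == "SetThreadContext" and e.args.get("pid") in suspended:
            return True
    return False


@dataclass(frozen=True)
class Signature:
    name: str
    severity: int   # assumed weights on a 10-point scale; a family match would be 10
    check: Callable[[List[Event]], bool]


SIGNATURES = [
    Signature("Checks computer location settings", 3, geofence_check),
    Signature("Checks installed software on the system", 3, installed_software),
    Signature("Accesses Microsoft Outlook profiles", 6, outlook_profiles),
    Signature("Looks up external IP address via web service", 3, external_ip),
    Signature("Credentials from Web Browsers", 8, browser_credentials),
    Signature("Suspicious use of SetThreadContext", 7, suspicious_setthreadcontext),
]


def triage(lines: List[str]):
    """Return (matched signature names, score) for a trace; score is the max severity hit."""
    ev = parse_trace(lines)
    hits = [s for s in SIGNATURES if s.check(ev)]
    return [s.name for s in hits], max((s.severity for s in hits), default=0)


# Constructed trace modelled on what a sandbox might log for a stealer like this one.
SAMPLE_TRACE = [
    "RegQueryValueExW | HKCU\\Control Panel\\International\\LocaleName",
    "RegEnumKeyExW | HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "RegOpenKeyExW | HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles",
    "InternetOpenUrlW | http://api.ipify.org/",
    "CreateFileW | C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "CreateProcessW | C:\\Windows\\System32\\svchost.exe | flags=0x4 pid=4120",
    "SetThreadContext | hThread | pid=4120",
]

# Constructed control: SetThreadContext that never targets a suspended child.
BENIGN_TRACE = [
    "CreateProcessW | C:\\Windows\\System32\\notepad.exe | flags=0x0 pid=5000",
    "SetThreadContext | hThread | pid=2222",
]

if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
    print(triage(BENIGN_TRACE))
```

The SetThreadContext rule is the one worth copying: it requires the CreateProcess-with-CREATE_SUSPENDED call to precede the SetThreadContext on the same child, which is what separates hollowing from benign uses of the API and is why the control trace scores zero.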
-
MITRE ATT&CK Enterprise v15
Credential Access (numbers are the count of triggered signatures mapped to each technique)
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)