meduza | 104979f868c8fb59b4536a0dd059e2a85012580611b13005f0551faefd28b348 | Triage

Submit
Reports

Overview

overview

Static

static

3

urt56as32.exe

windows7-x64

urt56as32.exe

windows10-2004-x64

Sharing

General

Target

urt56as32.exe
Size

1.8MB
Sample

250109-n6xmcayqgv
MD5

9d6f20d16ed705822746cc9dddd0651a
SHA1

f8a7e04b4218b4e494b3554cca8d4248a9417423
SHA256

104979f868c8fb59b4536a0dd059e2a85012580611b13005f0551faefd28b348
SHA512

26ba8129439b2578a62ff979e35ed41bda0a11fb23e1f21b8c61ddaae0eba2a9b20168bf0f41c77ad9dfeeebc51dacd45c4a0518a3aab4a41218aa05b687018b
SSDEEP

24576:GgubagHj/klIVjvG/jRqcZvwU1mjzxJtujgAx74IgXOeTwGouiA8uZZH9:GfxFYIivRKkN/

Score

10^/10

meduza stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

urt56as32.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

urt56as32.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

127.0.0.1

Attributes

anti_dbg
true
anti_vm
true
build_name
Meduza
extensions
.txt; .doc; .xlsx
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Targets

- Target
  
  urt56as32.exe
- Size
  
  1.8MB
- MD5
  
  9d6f20d16ed705822746cc9dddd0651a
- SHA1
  
  f8a7e04b4218b4e494b3554cca8d4248a9417423
- SHA256
  
  104979f868c8fb59b4536a0dd059e2a85012580611b13005f0551faefd28b348
- SHA512
  
  26ba8129439b2578a62ff979e35ed41bda0a11fb23e1f21b8c61ddaae0eba2a9b20168bf0f41c77ad9dfeeebc51dacd45c4a0518a3aab4a41218aa05b687018b
- SSDEEP
  
  24576:GgubagHj/klIVjvG/jRqcZvwU1mjzxJtujgAx74IgXOeTwGouiA8uZZH9:GfxFYIivRKkN/
Score

10^/10

meduza stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy