meduza | 2852-11-0x0000000140000000-0x0000000140141000-memory[.]dmp | Triage

Sharing

General

Target

2852-11-0x0000000140000000-0x0000000140141000-memory.dmp
Size

1.3MB
MD5

8a1bf46feff8ecacc06184d69b2d375a
SHA1

8c1942c6a462627531b185793bad15ddc195a968
SHA256

01efc549b93cff17317bd4c2e155e66ef044f1f482f63248269c4b819102bd8a
SHA512

a87e3ba9d8c8554f8f57c5fd5a5510cdd2433c6037fda1d6fbe14753842d054bafa5d8bbb401db5b6724f4cae458b0ceb6d9c3ddfab4f1a6459f9c5e2e2f30ad
SSDEEP

24576:hgAMXnXkciEIMJQZ/s8s9Mjemp5wx1waIh0lhSMXl5dT+dG:+3Xn0ciEIpE8s+egSx+adpdTK

Score

10^/10

meduza

Malware Config

Extracted

Family

meduza

C2

127.0.0.1

Attributes

anti_dbg
true
anti_vm
true
build_name
Meduza
extensions
.txt; .doc; .xlsx
grabber_max_size
4.194304e+06
port
15666
self_destruct
false

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2852-11-0x0000000140000000-0x0000000140141000-memory.dmp

Files

2852-11-0x0000000140000000-0x0000000140141000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ