General
-
Target
249658063881bcc13f2b21919906d68272dff1348251a2a1cb77abaf0eaf0c3d.zip
-
Size
1.2MB
-
Sample
250109-xbq1raxlh1
-
MD5
8225ba2c90fada8b9b26cdbbad2f471b
-
SHA1
0c11c37bb58a2682302b0d9cfd9c2e9d753c55d4
-
SHA256
8e8d12f2cc2ebbbb38b83946259b3e67f381be00d4a560f27076d6baa021f339
-
SHA512
f11580ecbde059e642ef098852f26611ae28e18ee5583e840182aa41fe40154965d9a71cae59c3a78cb10d1ed362ca53d196156bf4551ede00d6a2f07ce1a09f
-
SSDEEP
24576:z+nXS0Fvo9GR1WLAdNdNtAvVBA0RsX+uLMgPc1lOO:z+nXS0FvoQLWLA9004xuLtg8O
Malware Config
Targets
-
-
Target
249658063881bcc13f2b21919906d68272dff1348251a2a1cb77abaf0eaf0c3d.exe
-
Size
1.2MB
-
MD5
60b0f0816c90a313de1549890708f848
-
SHA1
cb8c0007e9fd7460c6cc7bb66c9dafc02b10b869
-
SHA256
249658063881bcc13f2b21919906d68272dff1348251a2a1cb77abaf0eaf0c3d
-
SHA512
ef93de31ecfb6e779fe5013165c508b202a95067c88aa8dddbffaaf74996eb7ebfd455fc7de60a90930bde808704beb7472400356e44f9c4caa47863227d77ff
-
SSDEEP
24576:Bdl/BxIgevnHodySw5KPwlXkV8sWGzv6VD0iNKlsTEc8qF71X:/l/85vnIdyd5QwlXkBmLNfky7F
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1