General

  • Target

    2025-01-11_bff384aa2ad790c0b2d9e6cead6e6f19_cobalt-strike_ryuk

  • Size

    1.9MB

  • Sample

    250111-b8pcjazqdj

  • MD5

    bff384aa2ad790c0b2d9e6cead6e6f19

  • SHA1

    66cd01171e006bbe655cda0364ee9aff631384af

  • SHA256

    1a9978c82715c31612a9b3e885b3a5aec050645913d4546217768fa763d33142

  • SHA512

    962096259e2cc5d96b676019e872847cbcbbb30eb2642160374a9095bb122d94aae6bdd4b5391069cbb21723ea073379cf8dc01e1bb8f00e07493beb2f516c00

  • SSDEEP

    24576:Mix5BM9/ea/bxXK/lgyPVDMPKe51kc/XiqPNuMeZLc7dKifbTu1KAQilof9N3gCk:MoBMb/N8P2S/cetc7drbcKZdfo

Score

10/10

Malware Config

Extracted

Family

meduza

C2

209.127.36.90

Attributes

  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    123

  • extensions

    .txt; .doc; .xlsx

  • grabber_max_size

    4.194304e+06

  • port

    15666

  • self_destruct

    false

Targets

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks