Extracted

• • Target

    2025-01-11_bff384aa2ad790c0b2d9e6cead6e6f19_cobalt-strike_ryuk

  • Size

    1.9MB

  • MD5

    bff384aa2ad790c0b2d9e6cead6e6f19

  • SHA1

    66cd01171e006bbe655cda0364ee9aff631384af

  • SHA256

    1a9978c82715c31612a9b3e885b3a5aec050645913d4546217768fa763d33142

  • SHA512

    962096259e2cc5d96b676019e872847cbcbbb30eb2642160374a9095bb122d94aae6bdd4b5391069cbb21723ea073379cf8dc01e1bb8f00e07493beb2f516c00

  • SSDEEP

    24576:Mix5BM9/ea/bxXK/lgyPVDMPKe51kc/XiqPNuMeZLc7dKifbTu1KAQilof9N3gCk:MoBMb/N8P2S/cetc7drbcKZdfo

  Score

  10^/10

  meduzastealer

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza

  • Meduza Stealer payload

  • Meduza family

    meduza

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2