Overview

overview

10

Static

static

1

Setup7.0.zip

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup7.0.zip

  • Size

    3.0MB

  • Sample

    250125-cfczgazkew

  • MD5

    71f6e7367b5f6d7cc43e4548b3af4183

  • SHA1

    eb9afb0a5c0db357dd7ee3db18a8043761cd9353

  • SHA256

    c9b1182e88be182dd82ac6dae59c71375f92f139f897f76b20d9dd2f1c397984

  • SHA512

    c767a208931756e532917c714fd2c57d463011681434cfa3c08b302dd425c1d172d1c376494db8775bca2a900ee452e6bb150423daf4a6cc8abee2a05834a05a

  • SSDEEP

    98304:KJu0vKdiLunW4uzu/jOVg/OJLEGaAM8cLyeG:eKdiLuWTzoCVgmJLEGfCLyeG

Score
10/10
meduzacollectiondiscoverystealer

Malware Config

Extracted

Family

meduza

C2

109.107.181.162

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    6

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      Setup7.0.zip

    • Size

      3.0MB

    • MD5

      71f6e7367b5f6d7cc43e4548b3af4183

    • SHA1

      eb9afb0a5c0db357dd7ee3db18a8043761cd9353

    • SHA256

      c9b1182e88be182dd82ac6dae59c71375f92f139f897f76b20d9dd2f1c397984

    • SHA512

      c767a208931756e532917c714fd2c57d463011681434cfa3c08b302dd425c1d172d1c376494db8775bca2a900ee452e6bb150423daf4a6cc8abee2a05834a05a

    • SSDEEP

      98304:KJu0vKdiLunW4uzu/jOVg/OJLEGaAM8cLyeG:eKdiLuWTzoCVgmJLEGfCLyeG

    Score
    10/10
    meduzacollectiondiscoverystealer

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

      stealermeduza

    • Meduza Stealer payload

    • Meduza family

      meduza

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks