General

  • Target

    566ba3327696259d85d67a11b59ce380.exe

  • Size

    3.1MB

  • Sample

    250209-w4vnzaypbq

  • MD5

    566ba3327696259d85d67a11b59ce380

  • SHA1

    93d30a7208307eec594b60b9909aa0c095eea6f5

  • SHA256

    7e862d24eb0a3d7b1c5eec79d69be0b4269700c2cf4b5b868ea9c02b6fa6b6b5

  • SHA512

    bbc4ba6ce993b89dead9e287670de574da29f9890ef688ffe12a91896232b6adeab693aa86fc79717d0c304093ec007a67492be23c2ded65f04118b0c080222e

  • SSDEEP

    24576:Tiil7t613rOauk7EUbBCcn3dCjgrxmPxOGcvQ2EodKGPavD9eKKbEHQFDizxajRT:/F4Z3oZITQEPkc7viIVP

Malware Config

Extracted

Family

meduza

C2

147.45.44.216

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    961

  • grabber_max_size

    1048576 (the sandbox prints this as 1.048576e+06; it is the 1 MiB per-file cap for the grabber module)

  • port

    15666

  • self_destruct

    true

Targets

    • Target

      566ba3327696259d85d67a11b59ce380.exe

    • Size

      3.1MB

    • MD5

      566ba3327696259d85d67a11b59ce380

    • SHA1

      93d30a7208307eec594b60b9909aa0c095eea6f5

    • SHA256

      7e862d24eb0a3d7b1c5eec79d69be0b4269700c2cf4b5b868ea9c02b6fa6b6b5

    • SHA512

      bbc4ba6ce993b89dead9e287670de574da29f9890ef688ffe12a91896232b6adeab693aa86fc79717d0c304093ec007a67492be23c2ded65f04118b0c080222e

    • SSDEEP

      24576:Tiil7t613rOauk7EUbBCcn3dCjgrxmPxOGcvQ2EodKGPavD9eKKbEHQFDizxajRT:/F4Z3oZITQEPkc7viIVP

    • Meduza

      Meduza is an information stealer written in C++ that targets cryptocurrency wallets, browser data and other stored credentials.

    • Meduza Stealer payload

    • Meduza family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the stealer exits on systems in excluded regions.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects execution of a (typically suspended) thread; outside debuggers it is a common step in process hollowing and other injection techniques.
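The signature list above reads as isolated observations, but what makes the verdict is that they fire together in one process and are followed by a connection to the extracted C2. The script below is an added example (not the sandbox's detection logic or the report's): it runs rule equivalents of the report's behaviour signatures over a constructed, sandbox-style API event stream, with a benign process mixed in so the correlation has something to ignore. The event schema, the registry and file paths, and the IP-lookup hostname are assumptions chosen for illustration.

```python
"""Correlate the behaviour signatures the report lists against a constructed
stream of API events.  Added example; the event shape, paths and hostname are
illustrative assumptions, not what the sandbox actually logged."""
import re
from collections import defaultdict

# Constructed events in a generic {"pid", "api", "arg"} shape.  pid 4412 is the
# stealer; pid 1200 is benign noise that touches one of the same registry keys.
EVENTS = [
    {"pid": 4412, "api": "RegQueryValueExW", "arg": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4412, "api": "RegEnumKeyExW", "arg": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4412, "api": "CreateFileW", "arg": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4412, "api": "RegOpenKeyExW", "arg": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"},
    {"pid": 4412, "api": "InternetOpenUrlW", "arg": "https://api.ipify.org/"},
    {"pid": 4412, "api": "connect", "arg": "147.45.44.216:15666"},
    {"pid": 4412, "api": "SetThreadContext", "arg": "tid=4420"},
    {"pid": 1200, "api": "CreateFileW", "arg": r"C:\Users\u\Documents\notes.txt"},
    {"pid": 1200, "api": "RegQueryValueExW", "arg": r"HKCU\Control Panel\International\Geo\Nation"},
]

# One rule per signature line in the report: (APIs that count, regex on the argument).
RULES = {
    "Checks computer location settings":
        ({"RegQueryValueExW", "RegOpenKeyExW"}, r"\\Control Panel\\International\\Geo\\"),
    "Checks installed software on the system":
        ({"RegEnumKeyExW", "RegOpenKeyExW"}, r"\\CurrentVersion\\Uninstall"),
    "Reads user/profile data of web browsers":
        ({"CreateFileW"}, r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$"),
    "Accesses Microsoft Outlook profiles":
        ({"RegOpenKeyExW"}, r"\\Office\\[\d.]+\\Outlook\\Profiles"),
    "Looks up external IP address via web service":
        ({"InternetOpenUrlW", "WinHttpConnect"}, r"^https?://(api\.)?ipify\.org"),
    "Suspicious use of SetThreadContext":
        ({"SetThreadContext"}, r"."),
}

C2_SOCKET = "147.45.44.216:15666"  # from the report's extracted config


def match_signatures(events):
    """Return {pid: set of signature names} for every rule that fired."""
    hits = defaultdict(set)
    for ev in events:
        for name, (apis, pattern) in RULES.items():
            if ev["api"] in apis and re.search(pattern, ev["arg"]):
                hits[ev["pid"]].add(name)
    return dict(hits)


def verdict(events, min_signatures=3):
    """Flag a pid when several stealer signatures fire in it, or when it connects
    to the known C2 socket.  A single geo lookup (pid 1200) is not enough: plenty
    of legitimate software reads the same key."""
    hits = match_signatures(events)
    c2_pids = {ev["pid"] for ev in events
               if ev["api"] == "connect" and ev["arg"] == C2_SOCKET}
    return {pid for pid in set(hits) | c2_pids
            if len(hits.get(pid, ())) >= min_signatures or pid in c2_pids}


if __name__ == "__main__":
    for pid, names in sorted(match_signatures(EVENTS).items()):
        print(pid, sorted(names))
    print("flagged:", sorted(verdict(EVENTS)))
```

The threshold is the point of the example: each signature on its own is a weak indicator (the Uninstall key is enumerated by every inventory agent, and ipify is queried by plenty of legitimate tools), so the rule only commits when the behaviours co-occur in one process or the traffic hits the C2 the config extractor already recovered.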
