Resubmissions

20/02/2025, 05:56

250220-gm3kxsxrdx 10

General

  • Target

    de4ed476df7cdbcd737dbd4a8db764cd7d0bca1e6e09748e424645c8a21607d7.exe

  • Size

    2.6MB

  • Sample

    250220-gm3kxsxrdx

  • MD5

    06ff127c1db7dd45b7e368d8f4ba48e4

  • SHA1

    b11dcbd6d3e9e33046b6f2e1698c595d4a566c67

  • SHA256

    de4ed476df7cdbcd737dbd4a8db764cd7d0bca1e6e09748e424645c8a21607d7

  • SHA512

    5378ffb98c7a1cfa9c74ceb3f2f016f48e96dcce9444cb5d8b84f5f070741e06a5e040225386c7f55e3025d2d39513bd682519f42c4c223b0c3655d79a1d901a

  • SSDEEP

    24576:V9L8hJZ4uB+Ch0lhSMXlXCtNCvyoPyRxsVTcu6WjZEt2WVNW9+y5Q:PL8hD4aunCuxyRxsVT36WeVg+

Score
10/10

Malware Config

Extracted

Family

meduza

Botnet

SEO2.0

C2

45.130.145.152

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    SEO2.0

  • extensions

    .txt; .doc; .xlsx

  • grabber_maximum_size

    4194304

  • port

    15666

  • self_destruct

    false

Targets

    • Target

      de4ed476df7cdbcd737dbd4a8db764cd7d0bca1e6e09748e424645c8a21607d7.exe

    • Size

      2.6MB

    • MD5

      06ff127c1db7dd45b7e368d8f4ba48e4

    • SHA1

      b11dcbd6d3e9e33046b6f2e1698c595d4a566c67

    • SHA256

      de4ed476df7cdbcd737dbd4a8db764cd7d0bca1e6e09748e424645c8a21607d7

    • SHA512

      5378ffb98c7a1cfa9c74ceb3f2f016f48e96dcce9444cb5d8b84f5f070741e06a5e040225386c7f55e3025d2d39513bd682519f42c4c223b0c3655d79a1d901a

    • SSDEEP

      24576:V9L8hJZ4uB+Ch0lhSMXlXCtNCvyoPyRxsVTcu6WjZEt2WVNW9+y5Q:PL8hD4aunCuxyRxsVT36WeVg+

    Score
    10/10
    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks