General
-
Target
BootstrapperNew (2).exe
-
Size
2.9MB
-
Sample
250220-j5w7zaslv8
-
MD5
f227cdfd423b3cc03bb69c49babf4da3
-
SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441
-
SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8
-
SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e
-
SSDEEP
49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn
Malware Config
Targets
-
-
Target
BootstrapperNew (2).exe
-
Size
2.9MB
-
MD5
f227cdfd423b3cc03bb69c49babf4da3
-
SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441
-
SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8
-
SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e
-
SSDEEP
49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn
Score10/10-
Meduza
Meduza is a crypto wallet and info stealer written in C++.
-
Meduza Stealer payload
-
Meduza family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Network Share Discovery
Attempt to gather information on host network.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-