meduza | cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

Bootstrapp...2).exe

windows11-21h2-x64

Bootstrapp...2).exe

windows7-x64

1

Sharing

General

Target

BootstrapperNew (2).exe
Size

2.9MB
Sample

250220-jtgyxazmfx
MD5

f227cdfd423b3cc03bb69c49babf4da3
SHA1

3db5a97d9b0f2545e7ba97026af6c28512200441
SHA256

cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8
SHA512

b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e
SSDEEP

49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn

Score

10^/10

meduza defense_evasion discovery execution stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BootstrapperNew (2).exe

Resource

win11-20250217-en

meduza defense_evasion discovery execution stealer themida trojan

windows11-21h2-x64

21 signatures

900 seconds

Behavioral task

behavioral2

Sample

BootstrapperNew (2).exe

Resource

win7-20241010-en

windows7-x64

0 signatures

900 seconds

Malware Config

Targets

- Target
  
  BootstrapperNew (2).exe
- Size
  
  2.9MB
- MD5
  
  f227cdfd423b3cc03bb69c49babf4da3
- SHA1
  
  3db5a97d9b0f2545e7ba97026af6c28512200441
- SHA256
  
  cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8
- SHA512
  
  b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e
- SSDEEP
  
  49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn
Score

10^/10

meduza defense_evasion discovery execution stealer themida trojan
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Share Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

meduzadefense_evasiondiscoveryexecutionstealerthemidatrojan

behavioral2

© 2018-2025

Terms | Privacy