General

  • Target

    Capture d’écran 2024-11-22 155137.png

  • Size

    43KB

  • Sample

    250220-k85tys1nhz

  • MD5

    1786b6245aec7ed4d3553c0358cb5569

  • SHA1

    5540f8d110663f29c3706423fccfba798e0a58b5

  • SHA256

    f0854186d24200fe697aaa20459a7eb8263734998c79e46f7c91c96e81ec0ee5

  • SHA512

    5a16b08121567f0c7049b225c75dcf08c2c3e94ac55eafe6a8c3f2c969c4d6f8b07fb2d2df5c06e81d2fec77f1906dc85a11d999b518c25fb6405b5822ad7c66

  • SSDEEP

    768:ZJYDvtUYcxovnLjceXKbIWenuCYEGsOSNxOsgJhYQHOhFAdOAmRPusawWu:ZJEUpxovnLoeXKjNCYEGlnJGQHrdOAmd

Malware Config

Targets

    • Target

      Capture d’écran 2024-11-22 155137.png

    • Size

      43KB

    • MD5

      1786b6245aec7ed4d3553c0358cb5569

    • SHA1

      5540f8d110663f29c3706423fccfba798e0a58b5

    • SHA256

      f0854186d24200fe697aaa20459a7eb8263734998c79e46f7c91c96e81ec0ee5

    • SHA512

      5a16b08121567f0c7049b225c75dcf08c2c3e94ac55eafe6a8c3f2c969c4d6f8b07fb2d2df5c06e81d2fec77f1906dc85a11d999b518c25fb6405b5822ad7c66

    • SSDEEP

      768:ZJYDvtUYcxovnLjceXKbIWenuCYEGsOSNxOsgJhYQHOhFAdOAmRPusawWu:ZJEUpxovnLoeXKjNCYEGlnJGQHrdOAmd

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Path Permission

      Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.

    • Gatekeeper Bypass

      Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.

MITRE ATT&CK Enterprise v15

Tasks