Resubmissions

  • 20/02/2025, 10:26

    250220-mgk2kssrbl 9

  • 20/02/2025, 10:13

    250220-l868fssmds 8

  • 20/02/2025, 09:48

    250220-ls8rcasjaw 10

  • 20/02/2025, 09:41

    250220-lnzymsskgn 10

General

  • Target

    qr-code.png

  • Size

    21KB

  • Sample

    250220-ls8rcasjaw

  • MD5

    48405ae35cd148c57494edc4bac3d387

  • SHA1

    8032d3501fcecd4cd50259d24835ca6bc2996164

  • SHA256

    47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f

  • SHA512

    928ff81abf044e238cfc21b06b543673baa2198ef852bc20a7fbf58aacfa3df16c4458632714f308a4841070a6478f20f737cb65c1cef423d83ef287c657e670

  • SSDEEP

    48:sQGcxn8CTL6QT0KNHcRtWSt5SmVjCuqJXkYQEB11ov5N:HLnFL6QTZNHQWRmVjck/21S5N

Malware Config

Targets

    • Meduza

      Meduza is a cryptocurrency-wallet and information stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempts to gather information on the host's network.

MITRE ATT&CK Enterprise v15

Tasks