General
-
Target
qr-code.png
-
Size
21KB
-
Sample
250220-ls8rcasjaw
-
MD5
48405ae35cd148c57494edc4bac3d387
-
SHA1
8032d3501fcecd4cd50259d24835ca6bc2996164
-
SHA256
47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f
-
SHA512
928ff81abf044e238cfc21b06b543673baa2198ef852bc20a7fbf58aacfa3df16c4458632714f308a4841070a6478f20f737cb65c1cef423d83ef287c657e670
-
SSDEEP
48:sQGcxn8CTL6QT0KNHcRtWSt5SmVjCuqJXkYQEB11ov5N:HLnFL6QTZNHQWRmVjck/21S5N
Behavioral task
behavioral1
Sample
qr-code.png
Resource
win10ltsc2021-20250217-en
Malware Config
Targets
-
-
Target
qr-code.png
-
Size
21KB
-
MD5
48405ae35cd148c57494edc4bac3d387
-
SHA1
8032d3501fcecd4cd50259d24835ca6bc2996164
-
SHA256
47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f
-
SHA512
928ff81abf044e238cfc21b06b543673baa2198ef852bc20a7fbf58aacfa3df16c4458632714f308a4841070a6478f20f737cb65c1cef423d83ef287c657e670
-
SSDEEP
48:sQGcxn8CTL6QT0KNHcRtWSt5SmVjCuqJXkYQEB11ov5N:HLnFL6QTZNHQWRmVjck/21S5N
Score10/10-
Meduza Stealer payload
-
Meduza family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-