meduza | 3240-0-0x0000000140000000-0x0000000140141000-memory[.]dmp | Triage

Sharing

General

Target

3240-0-0x0000000140000000-0x0000000140141000-memory.dmp
Size

1.3MB
MD5

0dd341e9543abbcdf21351dd4b19883f
SHA1

193b10715a24e3c85c8255aa4e84c6652f55f573
SHA256

3fed97ddb2984bf4a3d2bc8a4eb2b71524afb5305c28a5df5258e56ceab99234
SHA512

4b265773f29a92d0cfe10e108906ff562cfea98d32dc8a5520740565519f2ec4ec6d2e6d9fcc5c98d61ee421f111676b8b7dc9da0cffaf6d52fc8cb04e4407d5
SSDEEP

24576:ngAMXnXkciEIMJQZYz8s9Mjemp5wx1wa/h0lhSMXl5aT+d:g3Xn0ciEIpu8s+egSx+a+paTK

Score

10^/10

1 meduza

Malware Config

Extracted

Family

meduza

Botnet

1

C2

77.239.121.89

Attributes

anti_dbg
true
anti_vm
true
build_name
1
extensions
.txt; .doc; .xlsx
grabber_maximum_size
4194304
port
15666
self_destruct
false

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3240-0-0x0000000140000000-0x0000000140141000-memory.dmp

Files

3240-0-0x0000000140000000-0x0000000140141000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ