meduza | 1532-0-0x0000000140000000-0x0000000140141000-memory[.]dmp | Triage

Sharing

General

Target

1532-0-0x0000000140000000-0x0000000140141000-memory.dmp
Size

1.3MB
MD5

8dfccfea06123d3d441b238e4753709d
SHA1

c9693975bc16aeecc08656b11f190c3f0b3d50df
SHA256

8ee8d629f1f7cb6fb758676cc8b7e551e1008d3fb7a807d3a323673de7e24730
SHA512

4a76a04303c53aada396bc1226e1213cc68ad3874811fdfa3c35b398114f9742cf8715d4a75cb13179b89d2d38885d95d01091941d94a41b7adeb6eceded9cad
SSDEEP

24576:ngAMXnXkciEIMJQZYz8s9Mjemp5wx1wath0lhSMXl5aT+d:g3Xn0ciEIpu8s+egSx+aEpaTK

Score

10^/10

1 meduza

Malware Config

Extracted

Family

meduza

Botnet

1

C2

77.239.121.89

Attributes

anti_dbg
true
anti_vm
true
build_name
1
extensions
.txt; .doc; .xlsx
grabber_maximum_size
4194304
port
15666
self_destruct
false

Signatures

Meduza Stealer payload 1 IoCs

resource	yara_rule
sample	family_meduza

Meduza family
meduza

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1532-0-0x0000000140000000-0x0000000140141000-memory.dmp

Files

1532-0-0x0000000140000000-0x0000000140141000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ