meduza | d78d8879a87115794cab50ea760af9b769f77bd21789be9d7ff920742302edf6 | Triage

Submit
Reports

Overview

overview

Static

static

1

Kraken Cheat.rar

windows11-21h2-x64

Sharing

General

Target

Kraken Cheat.rar
Size

10.6MB
Sample

250228-xz3z8avta1
MD5

444fdd75524fa8456d8c6aceab7bcf27
SHA1

24e7184b7e38106803739ca141de1738c6910f5d
SHA256

d78d8879a87115794cab50ea760af9b769f77bd21789be9d7ff920742302edf6
SHA512

2361c25d42a4ee1d376e89d3b04dcd7437b456455ab6c44c321fafbef5d7368d33cf5dabdbd00610bdf41bbca2b7e9a816d02e3c8f9bd403df66e2bf55c6e240
SSDEEP

196608:RbmOKzBSBkDX6+UCcqWEeRf8+STSu+ioBPYSTPhYZzkoDEWMXqgI9dcx/zM:Rbl+BSBkT6+UCeAw9OS9YZAouO+zM

Score

10^/10

meduza 444 collection discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

Kraken Cheat.rar

Resource

win11-20250217-en

meduza 444 collection discovery stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

meduza

Botnet

444

C2

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
444
extensions
none
grabber_maximum_size
1048576
links
none
port
15666
self_destruct
true

Targets

- Target
  
  Kraken Cheat.rar
- Size
  
  10.6MB
- MD5
  
  444fdd75524fa8456d8c6aceab7bcf27
- SHA1
  
  24e7184b7e38106803739ca141de1738c6910f5d
- SHA256
  
  d78d8879a87115794cab50ea760af9b769f77bd21789be9d7ff920742302edf6
- SHA512
  
  2361c25d42a4ee1d376e89d3b04dcd7437b456455ab6c44c321fafbef5d7368d33cf5dabdbd00610bdf41bbca2b7e9a816d02e3c8f9bd403df66e2bf55c6e240
- SSDEEP
  
  196608:RbmOKzBSBkDX6+UCcqWEeRf8+STSu+ioBPYSTPhYZzkoDEWMXqgI9dcx/zM:Rbl+BSBkT6+UCeAw9OS9YZAouO+zM
Score

10^/10

meduza 444 collection discovery stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduza444collectiondiscoverystealer

© 2018-2025

Terms | Privacy