Overview (score 10/10)
Static (score 3/10)

Per-task scores (sample / analysis environment / score out of 10)
  Wild Reborn.7z             windows10-2004-x64        10
  Wild Reborn.7z             windows10-ltsc 2021-x64    1
  Wild Reborn.7z             windows11-21h2-x64         1
  VC_redist.x64 - (1).exe    windows10-2004-x64         7
  VC_redist.x64 - (1).exe    windows10-ltsc 2021-x64    7
  VC_redist.x64 - (1).exe    windows11-21h2-x64         7
  Wild Reborn.exe            windows10-2004-x64         3
  Wild Reborn.exe            windows10-ltsc 2021-x64    3
  Wild Reborn.exe            windows11-21h2-x64         3
  vcredist_x64 - (2).exe     windows10-2004-x64         7
  vcredist_x64 - (2).exe     windows10-ltsc 2021-x64    7
  vcredist_x64 - (2).exe     windows11-21h2-x64         7
  vcredist_x64 - (3).exe     windows10-2004-x64         7
  vcredist_x64 - (3).exe     windows10-ltsc 2021-x64    7
  vcredist_x64 - (3).exe     windows11-21h2-x64         7
  Инструкция.txt             windows10-2004-x64         1
  Инструкция.txt             windows10-ltsc 2021-x64    1
  Инструкция.txt             windows11-21h2-x64         3

General
  Target:  Wild Reborn.7z
  Size:    47.6MB
  Sample:  250302-tc11kayjt5
  MD5:     ccb8604309826c5ef39da9da9843e6e7
  SHA1:    fb4fc3b201bcc2dfca10bff71044d36e60e1308b
  SHA256:  e6a7f8e9092115954fd820563d2888d4fc7a699186b87c41737c6bf4cf8d1952
  SHA512:  28818c22cdda3bb0a468ce2a9b779006c92406240dc91117fee1605a345bcbd7ff892046e8d79e8bc2cfff9df59ac00596caa575eaeddbb5e92796ee5af586f8
  SSDEEP:  786432:6OTMKVpQxry3X/8j+j2O7EvBieLFktx9t4CL0s1zkdCu076HssrgQ4ymPeGikXee:6OTMKVpB3X/8jAN7EEeCdt6mMCuyNxyQ
Analysis tasks (task / sample / resource)
  static1       (static analysis of the submitted archive)
  behavioral1   Wild Reborn.7z             win10v2004-20250217-en
  behavioral2   Wild Reborn.7z             win10ltsc2021-20250217-en
  behavioral3   Wild Reborn.7z             win11-20250217-en
  behavioral4   VC_redist.x64 - (1).exe    win10v2004-20250217-en
  behavioral5   VC_redist.x64 - (1).exe    win10ltsc2021-20250217-en
  behavioral6   VC_redist.x64 - (1).exe    win11-20250217-en
  behavioral7   Wild Reborn.exe            win10v2004-20250217-en
  behavioral8   Wild Reborn.exe            win10ltsc2021-20250217-en
  behavioral9   Wild Reborn.exe            win11-20250217-en
  behavioral10  vcredist_x64 - (2).exe     win10v2004-20250217-en
  behavioral11  vcredist_x64 - (2).exe     win10ltsc2021-20250217-en
  behavioral12  vcredist_x64 - (2).exe     win11-20250217-en
  behavioral13  vcredist_x64 - (3).exe     win10v2004-20250217-en
  behavioral14  vcredist_x64 - (3).exe     win10ltsc2021-20250217-en
  behavioral15  vcredist_x64 - (3).exe     win11-20250217-en
  behavioral16  Инструкция.txt             win10v2004-20250217-en
  behavioral17  Инструкция.txt             win10ltsc2021-20250217-en
  behavioral18  Инструкция.txt             win11-20250217-en
Malware Config (extracted)
  Family:                meduza
  Build:                 5
  C2:                    77.239.119.53
  anti_dbg:              true
  anti_vm:               true
  build_name:            5
  extensions:            .txt; .doc; .xlsx
  grabber_maximum_size:  4194304
  port:                  15666
  self_destruct:         false
Targets

Target: Wild Reborn.7z
  Size:    47.6MB
  MD5:     ccb8604309826c5ef39da9da9843e6e7
  SHA1:    fb4fc3b201bcc2dfca10bff71044d36e60e1308b
  SHA256:  e6a7f8e9092115954fd820563d2888d4fc7a699186b87c41737c6bf4cf8d1952
  SHA512:  28818c22cdda3bb0a468ce2a9b779006c92406240dc91117fee1605a345bcbd7ff892046e8d79e8bc2cfff9df59ac00596caa575eaeddbb5e92796ee5af586f8
  SSDEEP:  786432:6OTMKVpQxry3X/8j+j2O7EvBieLFktx9t4CL0s1zkdCu076HssrgQ4ymPeGikXee:6OTMKVpB3X/8jAN7EEeCdt6mMCuyNxyQ
  Signatures:
  - Meduza Stealer payload
  - Meduza family
  - Creates new service(s)
  - Stops running service(s)
  - .NET Reactor protector
    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Accesses Microsoft Outlook profiles
  - Adds Run key to start application
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Power Settings
    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
Target: VC_redist.x64 - (1).exe
  Size:    24.2MB
  MD5:     1d545507009cc4ec7409c1bc6e93b17b
  SHA1:    84c61fadf8cd38016fb7632969b3ace9e54b763a
  SHA256:  3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a
  SHA512:  5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104
  SSDEEP:  786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4
  Score:   7/10
  Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: Wild Reborn.exe
  Size:    59.7MB
  MD5:     1e7565f891c766aad94f941c541a53cc
  SHA1:    29645ed4f4e612d4b69a44cae82d4946ce3fca8c
  SHA256:  532a4599883f61688c96843898ec634969a5934fc4a7c5c8eb913be9eb77e708
  SHA512:  42438b34b11f08d2e650f298d5cdf6066537e0c7d6932511e31a78050ac8bcc7cb1d10213333264d330ff1540931c48c2b40d0b74c8cf5ce99336419d573411f
  SSDEEP:  786432:O9T/j0BmSyv3+gc5ibDB28+oFwjvYKM289vy3TOZ34wWIN34w:O9T/jemSyvf28+u289l4ul
  Score:   3/10
  Signatures: none reported
Target: vcredist_x64 - (2).exe
  Size:    6.9MB
  MD5:     49b1164f8e95ec6409ea83cdb352d8da
  SHA1:    1194e6bf4153fa88f20b2a70ac15bc359ada4ee2
  SHA256:  a4bba7701e355ae29c403431f871a537897c363e215cafe706615e270984f17c
  SHA512:  29b65e45ce5233f5ad480673752529026f59a760466a1026bb92fc78d1ccc82396ecb8f07b0e49c9b2315dbef976cb417273c77f4209475036775fe687dd2d60
  SSDEEP:  196608:bPwMcp4zKAKpCPhD5nsF5GBAiSG5VtJFeHi:0McAWKJsF5vib5VtTeC
  Score:   7/10
  Signatures:
  - Loads dropped DLL
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: vcredist_x64 - (3).exe
  Size:    6.9MB
  MD5:     49b1164f8e95ec6409ea83cdb352d8da
  SHA1:    1194e6bf4153fa88f20b2a70ac15bc359ada4ee2
  SHA256:  a4bba7701e355ae29c403431f871a537897c363e215cafe706615e270984f17c
  SHA512:  29b65e45ce5233f5ad480673752529026f59a760466a1026bb92fc78d1ccc82396ecb8f07b0e49c9b2315dbef976cb417273c77f4209475036775fe687dd2d60
  SSDEEP:  196608:bPwMcp4zKAKpCPhD5nsF5GBAiSG5VtJFeHi:0McAWKJsF5vib5VtTeC
  Score:   7/10
  Signatures:
  - Loads dropped DLL
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: Инструкция.txt
  Size:    360B
  MD5:     9f4ae12f3a31a749f7e1ca9e9e589f78
  SHA1:    0322a3d4a923c143782ab45fab052e4668825a51
  SHA256:  58bd5e021e6979a26da338146339e0c817576a0221622e9c83882731973ed2da
  SHA512:  88525f62697c17b61bad8bf1597cd5a149cf32faea81aee78f778cfd624fa3c7e0f8b9e2ec71c826712dfd87cc4635ce9ce4a1d79cd06bfd37c28b97b76c8fe0
  Score:   3/10
  Signatures: none reported
MITRE ATT&CK Enterprise v15 (tactic / technique / sub-technique, with hit counts)
  Execution
    Command and Scripting Interpreter (1)
      PowerShell (1)
    System Services (2)
      Service Execution (2)
  Persistence
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (2)
      Windows Service (2)
    Power Settings (1)
  Privilege Escalation
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (2)
      Windows Service (2)
  Credential Access
    Credentials from Password Stores (1)
      Credentials from Web Browsers (1)
    Unsecured Credentials (1)
      Credentials In Files (1)