Overview
Resubmissions: 07/03/2025, 03:43 (250307-ead1pas1d1)

General
Target: Polysy_Tool_Pro_Edition.zip
Size: 110.0MB
Sample: 250307-ead1pas1d1
MD5: b60609aeaa3cd612456a176f120d7900
SHA1: c1280bcddeaaf800732fb9f45af2bdff36dbe7d4
SHA256: 86c5fbaec4886b844cbcf2376968430ecbd7a9b51dcf09fc9fe954b49fe6fe53
SHA512: 179a73055096a21547e7e457bac999c423c9c1d3ea1dcea5581977571c1531dc1161f03a792c49eae746843e8fd1cc846e0adde1b149791af7cc3caa2ac7e343
SSDEEP: 3145728:73lak6DIrjDrAnejuGEcrdBhnJSXGWmYR2G2:iIDEguGEcDhnJS2WmY0r
Static task: static1

Behavioral tasks (sample on analysis resource):
behavioral1: 517b4e9dea5396ee6996f1ae35291121.dat on win7-20241010-en
behavioral2: 517b4e9dea5396ee6996f1ae35291121.dat on win10v2004-20250217-en
behavioral3: 6a7718c005eed33ce409b03914a5b782.bin on win7-20240729-en
behavioral4: 6a7718c005eed33ce409b03914a5b782.bin on win10v2004-20250217-en
behavioral5: 6b5fcc06180fde176b0cbef028282df1.txt on win7-20241010-en
behavioral6: 6b5fcc06180fde176b0cbef028282df1.txt on win10v2004-20250217-en
behavioral7: 70949548f432b49d62b8b4a1cddbc07e.txt on win7-20240903-en
behavioral8: 70949548f432b49d62b8b4a1cddbc07e.txt on win10v2004-20250217-en
behavioral9: Polysy_Launcher.exe on win10v2004-20250217-en
behavioral10: a48116275bbf2d3781a72732edfad182.dat on win7-20240903-en
behavioral11: a48116275bbf2d3781a72732edfad182.dat on win10v2004-20250217-en
behavioral12: iviewers.dll on win7-20240903-en
Malware Config

Extracted family: meduza
C2: 45.93.20.15
anti_dbg: true
anti_vm: true
build_name: 2
extensions: .txt; .doc; .xlsx
grabber_maximum_size: 4194304
port: 15666
self_destruct: false
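The config above is directly actionable: the C2 host and port give a network indicator, and the extension list plus grabber_maximum_size define exactly which files the grabber would have collected (note the list is exact: .doc is targeted, .docx is not). The following is an added example, not code from the report, from tria.ge or from the malware. It parses the key/value pairs as listed on the page, flags flows to the C2 in a few constructed NetFlow-style lines, and reproduces the grabber's selection rule to estimate exposure on a constructed file listing. Assumptions: the flow-line format is made up for the demo, the "C2" host is paired with the separate "port" value, and the size cap is treated as inclusive (the exact comparison used by the stealer is not on the page).

```python
"""Added example: turn the extracted Meduza config into an IOC matcher and a
grabber-scope estimator. Not code from the report, tria.ge or the malware."""
import ipaddress
import os
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Values copied from the "Malware Config" section of the report.
CONFIG_TEXT = """
family meduza
c2 45.93.20.15
anti_dbg true
anti_vm true
build_name 2
extensions .txt; .doc; .xlsx
grabber_maximum_size 4194304
port 15666
self_destruct false
"""


@dataclass(frozen=True)
class MeduzaConfig:
    c2_host: str
    c2_port: int
    extensions: FrozenSet[str]
    grabber_max: int
    anti_dbg: bool
    anti_vm: bool
    self_destruct: bool
    build_name: str


def parse_config(text: str) -> MeduzaConfig:
    """Parse 'key value' lines into a typed config; raises on a malformed C2 address."""
    kv = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(" ")
        kv[key.strip()] = value.strip()
    ipaddress.ip_address(kv["c2"])  # ValueError if the C2 is not an IP literal
    exts = frozenset(e.strip().lower() for e in kv["extensions"].split(";") if e.strip())
    return MeduzaConfig(
        c2_host=kv["c2"],
        c2_port=int(kv["port"]),
        extensions=exts,
        grabber_max=int(kv["grabber_maximum_size"]),
        anti_dbg=kv["anti_dbg"] == "true",
        anti_vm=kv["anti_vm"] == "true",
        self_destruct=kv["self_destruct"] == "true",
        build_name=kv["build_name"],
    )


# Constructed NetFlow-style records (timestamp src -> dst dport proto bytes); not real telemetry.
FLOW_LINES = [
    "2025-03-07T03:45:10Z 10.0.0.12 -> 45.93.20.15 15666 tcp 18342",
    "2025-03-07T03:45:11Z 10.0.0.12 -> 142.250.74.78 443 tcp 2210",
    "2025-03-07T03:45:12Z 10.0.0.12 -> 45.93.20.15 443 tcp 0",
    "2025-03-07T03:46:00Z 10.0.0.17 -> 45.93.20.15 15666 tcp 91200",
]
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<dport>\d+) (?P<proto>\S+) (?P<bytes>\d+)$"
)

Hit = Tuple[str, str, int, int, bool]  # (timestamp, src, dport, bytes, exact_port_match)


def c2_hits(cfg: MeduzaConfig, lines: List[str]) -> List[Hit]:
    """Flows to the C2 host. exact=True when the port matches too; a same-host flow on
    another port is still reported because the port is a per-build config value."""
    hits: List[Hit] = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m or m["dst"] != cfg.c2_host:
            continue
        dport = int(m["dport"])
        hits.append((m["ts"], m["src"], dport, int(m["bytes"]), dport == cfg.c2_port))
    return hits


def grabber_would_take(cfg: MeduzaConfig, path: str, size: int) -> bool:
    """Selection rule implied by the config: extension on the allow-list and size within
    grabber_maximum_size (assumed inclusive). .doc is listed, .docx is not."""
    ext = os.path.splitext(path)[1].lower()
    return ext in cfg.extensions and size <= cfg.grabber_max


# Constructed file listing (path, size in bytes) standing in for a victim's profile.
FILE_LISTING = [
    (r"C:\Users\alice\Documents\passwords.txt", 2_048),
    (r"C:\Users\alice\Documents\budget.xlsx", 310_000),
    (r"C:\Users\alice\Documents\contract.doc", 4_194_304),
    (r"C:\Users\alice\Documents\contract.docx", 120_000),
    (r"C:\Users\alice\Desktop\archive.xlsx", 9_000_000),
    (r"C:\Users\alice\Pictures\holiday.jpg", 3_000_000),
]


def exposure_estimate(cfg: MeduzaConfig, listing) -> Tuple[int, int]:
    """(number of files, total bytes) the grabber would have collected from the listing."""
    taken = [(p, s) for p, s in listing if grabber_would_take(cfg, p, s)]
    return len(taken), sum(s for _, s in taken)


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for hit in c2_hits(cfg, FLOW_LINES):
        print("C2 flow:", hit)
    print("grabber exposure (files, bytes):", exposure_estimate(cfg, FILE_LISTING))
```

Against the constructed flows, two exact host:port hits and one same-host flow on 443 are reported; the 4 MiB .doc is inside the cap while the .docx and the 9 MB .xlsx are not. When scoping a real incident, run the same predicate over a file-system listing from the affected profile rather than guessing from the extension list alone.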
Targets

Target: 517b4e9dea5396ee6996f1ae35291121.dat
Size: 23.8MB
MD5: 7ad8c9f2be167c90bae1ebeec2787706
SHA1: 9fd65dffa03fc0d705bd20f2ab45695be426e485
SHA256: adcf7c0e2c61eaa09ac57324afa4534f27f9a756edba38ec99ef17e08dd14415
SHA512: d080ca7ae81a6742844cefbac6088fa6e758fdb0f078795d0c1f81c4222d44cd1801bea7bdde446944f7ea1569d1243ca191a5b70fab3ea3a2b6d00bafa7f05c
SSDEEP: 393216:jli2ZBsnG2jK5wwi4OAVbqCrEhoIBaNbNDkIrsmrgOteX8aP+UDpYVv8t55a:hsndjawwi4OAoCaPaNDsNOosa2k+VvWK
Score: 3/10

Target: 6a7718c005eed33ce409b03914a5b782.bin
Size: 20.4MB
MD5: 943e1d89214f1bacbb44013b0868074c
SHA1: 0e97341c28725979410c0ffd9cde9119688d18cb
SHA256: 9c5be8ef39305a0f8157ef34d38bd4d8e166930d4f698aab93104048700deb07
SHA512: c406989fc578d5d8c5212b7f17651371294a881283b1b2c2735e21bee24c921429c728978b0742597a7367d8ee97738f012ead663646a043cab7c2bea719a6ac
SSDEEP: 393216:UWrmKiWpcSHbUkRVjW/6zdY4KITmDiBRsKR8trA3/m+Xn1Ul5s0v:/SKi4oHiRGAmD08pg/my1Ul5sa
Score: 3/10

Target: 6b5fcc06180fde176b0cbef028282df1.txt
Size: 23.4MB
MD5: f6aef251d15a856c651f6d1ef9613c0f
SHA1: 41e46b138aded091449bad8d45120c53f774d7c0
SHA256: b8e4be4abdbf09d2ff6f0983371cbbda74775e1285eeb2c5871c7b346dfa68df
SHA512: 35f74c4200634b09eb257cf9075de75ba2a0765ff7a2457f4111286386ee9e0deb3e706c6e2e7e7bd6ddf0e3d8f818796c6eefa414dc0ce2467b1cab3b4b3c94
SSDEEP: 393216:y8WoFTFaRtdtsARrJPps3ApCWLQxeKAImGxk7beAEIaspLf5uuZ9FpFJLgGP:6o5FardaARhuwRti0qAEH4XAi
Score: 1/10

Target: 70949548f432b49d62b8b4a1cddbc07e.txt
Size: 21.7MB
MD5: 443e2f870866ea5367d749da755d3c10
SHA1: 2051e127ba30bfe5d2fc32e3a08c11910daa5e28
SHA256: deb34a857e4cfecfc736aa74503f2d8a8b6e821c41f6a6ffbd15b8bad421e421
SHA512: fd6a3fc1b1ef040357274005adfe38f85b2197c3b364004c707051a5261dc36998f098dd5a4661714cd42bc86764025b13d2ac134d997669299995a92c3ece51
SSDEEP: 393216:P7Jyt6LWxIU5OAl2aHcEmQVwOK7axCmCHRMWHemLl2wTPyNSVffijefDo1:DJUI3eN3HcETw3aCmORQKl2w2MVAefk1
Score: 1/10

Target: Polysy_Launcher.exe
Size: 201KB
MD5: 2696d944ffbef69510b0c826446fd748
SHA1: e4106861076981799719876019fe5224eac2655c
SHA256: a4f53964cdddcccbd1b46da4d3f7f5f4292b5dd11c833d3db3a1e7def36da69a
SHA512: c286bc2da757cbb2a28cf516a4a273dd11b15f674d5f698a713dc794f013b7502a8893ab6041e51bab3cdd506a18c415b9df8483b19e312f8fcb88923f42b8eb
SSDEEP: 3072:gyOSSX7XA5RwkP10/Cg+ufLLobyT9S9jHkQPEZS0bGAPo:tEXjA5yBF+ma9jHfPITGb
Signatures:
- Meduza Stealer payload
- Meduza family
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate installed software.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
Target: a48116275bbf2d3781a72732edfad182.dat
Size: 20.6MB
MD5: 3e2bec14e1670971de9139a3d1871a35
SHA1: bb7feebb33bc2c69dd6910233c8210da996adab2
SHA256: c6adbc93211f13438fbeaae5cee03d8cb79b2167ac99719f9f44364f7877ed57
SHA512: a6f40572a48f3c6bc854c017bc7c478a7502ebfbf812e7244a23f2835a1ba2ed39a70ad175aa00cb802be4288f0c5bb9ecfc485c6fa7ca2708e83393da648089
SSDEEP: 393216:P5IYftFepPCb1I7ZxUqPY0XYVDE2ccv/8iOoSW0HPneXFYij4XTPhxlmBYzi:P3regbm7ZFbao2cE/8SSW0veVYij4NxA
Score: 3/10

Target: iviewers.dll
Size: 83KB
MD5: 5d57d199c4418e0cd2305dbe761ec9ae
SHA1: 9dfdaf2c9f92c1d6bf3ac1d65d0fbca32e2f0359
SHA256: be71bb6d00d2759b6e925249307d08f900ddfc48744b6b3a1cac2e6100724c37
SHA512: 8817eea5118074e95d9e2d3ac5a4216959122d3379add8d250c29e1e18403d9c5e95f8d5f687db8995183cfb6418e696553ca0ad3f4e7ab363cf341b7e3e239b
SSDEEP: 1536:vbo5eK+wzZQ1LRC7ivPv8ZqTfXeqvz+NBGQS18sWpcdVQPLHWeDCf7/P/:vs5tXVQLRC7iv4qTvcGQS1VQPjWeDCfb
Signatures:
- Meduza Stealer payload
- Meduza family
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate installed software.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
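The signature lists for Polysy_Launcher.exe and iviewers.dll describe the same chain of host behaviours (Defender exclusions added via PowerShell, a registry country-code check, Uninstall-key enumeration, Outlook profile access, an external IP lookup, and a dropped PE being executed). The following is an added example, not code from the report or from tria.ge, showing how those behaviours translate into host-side detection logic run over constructed key=value event lines. The registry paths (Control Panel\International\Geo, CurrentVersion\Uninstall, Outlook\Profiles), the IP-lookup hostnames, the dropped-file name and the ATT&CK IDs are assumptions chosen to match the signature descriptions, not values recovered from the sample.

```python
"""Added example: detection rules for the behaviours in the signature lists above,
run over constructed events. Not code from the report, tria.ge or the malware."""
import re
from collections import defaultdict

# Constructed events in a simple key=value format (not real telemetry and not
# output of the sandbox that produced the report). Paths and hostnames are
# assumptions matched to the signature text; "stage2.exe" is a made-up name.
EVENTS = [
    r'Type=PSScriptBlock Host=WS01 Proc=powershell.exe Text="Add-MpPreference -ExclusionPath C:\Users\Public -ExclusionExtension .dat -ExclusionProcess Polysy_Launcher.exe"',
    r'Type=PSScriptBlock Host=WS01 Proc=powershell.exe Text="Get-ChildItem C:\Windows\Temp"',
    r'Type=RegQuery Host=WS01 Proc=Polysy_Launcher.exe Key="HKCU\Control Panel\International\Geo\Nation"',
    r'Type=RegEnum Host=WS01 Proc=Polysy_Launcher.exe Key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'Type=RegEnum Host=WS01 Proc=Polysy_Launcher.exe Key="HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"',
    r'Type=DNS Host=WS01 Proc=Polysy_Launcher.exe Query=api.ipify.org',
    r'Type=FileWrite Host=WS01 Proc=Polysy_Launcher.exe Path="C:\Users\Public\stage2.exe" Magic=MZ',
    r'Type=ProcessCreate Host=WS01 Proc=stage2.exe Image="C:\Users\Public\stage2.exe" CommandLine="C:\Users\Public\stage2.exe"',
    r'Type=DNS Host=WS02 Proc=chrome.exe Query=www.example.com',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Split a key=value line; quoted values may contain spaces and backslashes."""
    ev = {}
    for m in KV_RE.finditer(line):
        ev[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return ev


# Patterns matched to the signature descriptions (assumed paths, see lead-in).
DEFENDER_EXCL = re.compile(r"\b(Add|Set)-MpPreference\b[^\n]*-Exclusion(Path|Extension|Process)", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
OUTLOOK_PROFILES = re.compile(r"\\Outlook\\Profiles(\\|$)", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com", "checkip.amazonaws.com"}

# (rule name, ATT&CK technique assumed for the mapping, predicate over one event)
STATELESS_RULES = [
    ("defender_exclusion", "T1562.001",
     lambda e: e.get("Type") == "PSScriptBlock" and bool(DEFENDER_EXCL.search(e.get("Text", "")))),
    ("geo_check", "T1614",
     lambda e: e.get("Type") == "RegQuery" and bool(GEO_KEY.search(e.get("Key", "")))),
    ("software_enum", "T1518",
     lambda e: e.get("Type") == "RegEnum" and bool(UNINSTALL_KEY.search(e.get("Key", "")))),
    ("outlook_profiles", "T1114.001",
     lambda e: e.get("Type") == "RegEnum" and bool(OUTLOOK_PROFILES.search(e.get("Key", "")))),
    ("external_ip_lookup", "T1016",
     lambda e: e.get("Type") == "DNS" and e.get("Query", "").lower() in IP_LOOKUP_HOSTS),
]


def detect(lines):
    """Run the stateless rules plus one stateful rule (a PE written to disk and then
    executed on the same host). Returns a list of finding dicts."""
    findings = []
    dropped = defaultdict(set)  # host -> lower-cased paths written with an MZ header
    for line in lines:
        e = parse_event(line)
        host = e.get("Host", "?")
        for name, technique, pred in STATELESS_RULES:
            if pred(e):
                findings.append({"host": host, "rule": name, "technique": technique,
                                 "evidence": e.get("Text") or e.get("Key") or e.get("Query")})
        if e.get("Type") == "FileWrite" and e.get("Magic") == "MZ":
            dropped[host].add(e.get("Path", "").lower())
        elif e.get("Type") == "ProcessCreate" and e.get("Image", "").lower() in dropped[host]:
            findings.append({"host": host, "rule": "dropped_pe_executed", "technique": "T1105",
                             "evidence": e.get("Image")})
    return findings


def hosts_over_threshold(findings, min_rules: int = 3):
    """Hosts on which at least min_rules distinct behaviours fired; the combination is
    far more specific than any single discovery rule on its own."""
    per_host = defaultdict(set)
    for f in findings:
        per_host[f["host"]].add(f["rule"])
    return sorted(h for h, rules in per_host.items() if len(rules) >= min_rules)


if __name__ == "__main__":
    found = detect(EVENTS)
    for f in found:
        print(f"{f['host']}: {f['rule']} ({f['technique']}): {f['evidence']}")
    print("hosts over threshold:", hosts_over_threshold(found))
```

The Defender-exclusion rule is worth alerting on alone (Add-MpPreference with -Exclusion* is rarely typed by users and is the one step here that actively weakens the host); the discovery rules are noisy individually and are best used in combination, which is what hosts_over_threshold does.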
MITRE ATT&CK Enterprise v15

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)