General
Target: Warzone_Unlock_All_Tool_2.2.zip
Size: 85.8MB
Sample: 250316-mg1f9s1rx7
MD5: ba93079e300badc1bb3c1d6350c91c5e
SHA1: 9a19059f089d7dcc607e8dd38077deddf39bedb8
SHA256: 6db74250d83e75eda76a61af409c1987b0cfa6568feb4ff6d4dd1309053b1610
SHA512: 790659e136a160f6a24b2983b6f8c659c4da77c2f276bd2f999017998acc3450dd270920e8b7ad5ddadd2608aed425028e203564fdd48a91d95207ee48857b5a
SSDEEP: 1572864:uW4dh4O3Dz4xNpUm5Qs1K/wLBNiWR1Px22wQrkXlnhGuO6ypKmN7qx3RiZ4gWRp:JIq0DWph1KIRR1PxxeXJIugKm1q5TgMp
Static task: static1
Behavioral task: behavioral1
  Sample: Warzone_Unlock_All_Tool_2.2.zip
  Resource: win11-20250314-en
Behavioral task: behavioral2
  Sample: 60212957b9a2f6732f160e0070b373fe.bak
  Resource: win11-20250314-en
Behavioral task: behavioral3
  Sample: Warzone_Unlock_All_Tool.exe
  Resource: win11-20250314-en
Behavioral task: behavioral4
  Sample: c11eb6b9290acb12dc21c3e0b9549701.log
  Resource: win11-20250314-en
Malware Config
Extracted
meduza
  1: 45.93.20.15
  anti_dbg: true
  anti_vm: true
  build_name: 1
  extensions: .txt; .doc; .xlsx
  grabber_maximum_size: 4194304
  port: 15666
  self_destruct: false
Targets

Target: Warzone_Unlock_All_Tool_2.2.zip
Size: 85.8MB
MD5: ba93079e300badc1bb3c1d6350c91c5e
SHA1: 9a19059f089d7dcc607e8dd38077deddf39bedb8
SHA256: 6db74250d83e75eda76a61af409c1987b0cfa6568feb4ff6d4dd1309053b1610
SHA512: 790659e136a160f6a24b2983b6f8c659c4da77c2f276bd2f999017998acc3450dd270920e8b7ad5ddadd2608aed425028e203564fdd48a91d95207ee48857b5a
SSDEEP: 1572864:uW4dh4O3Dz4xNpUm5Qs1K/wLBNiWR1Px22wQrkXlnhGuO6ypKmN7qx3RiZ4gWRp:JIq0DWph1KIRR1PxxeXJIugKm1q5TgMp
Score: 4/10

Target: 60212957b9a2f6732f160e0070b373fe.bak
Size: 78.8MB
MD5: ec651ddafc3450f2c601959d0f581e79
SHA1: 38b44bd71c47aa3fe81ab984dd3f4578c1173759
SHA256: d3b82fcdfe1fec82c9b5b484ee5691a837dd1b9068887f66e62279eb30c41697
SHA512: ba9d4ecc8cb6936b6eaf5316ad4e55b25d42b5093c8eb1c9db0290943326d3b948326d46e459ce7475c50091144d53966fd2dceb08219513aee280a8dcce818f
SSDEEP: 1572864:Jispx8arhHoJdni6BqWryRypnj6wJL5lIwseJYFfjPqSMqanokZBeXAV7gL5:cgmohun1ryMBJL5lxOF7yScokfeXYU
Score: 3/10

Target: Warzone_Unlock_All_Tool.exe
Size: 201KB
MD5: 2696d944ffbef69510b0c826446fd748
SHA1: e4106861076981799719876019fe5224eac2655c
SHA256: a4f53964cdddcccbd1b46da4d3f7f5f4292b5dd11c833d3db3a1e7def36da69a
SHA512: c286bc2da757cbb2a28cf516a4a273dd11b15f674d5f698a713dc794f013b7502a8893ab6041e51bab3cdd506a18c415b9df8483b19e312f8fcb88923f42b8eb
SSDEEP: 3072:gyOSSX7XA5RwkP10/Cg+ufLLobyT9S9jHkQPEZS0bGAPo:tEXjA5yBF+ma9jHfPITGb
- Meduza Stealer payload
- Meduza family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: c11eb6b9290acb12dc21c3e0b9549701.log
Size: 6.9MB
MD5: d6e8748b12834d76f388b96a2ba1557f
SHA1: abdc873979bf2a345ee9dc08a65e32b76b588ae1
SHA256: faff1a1bf3e245b215e54111291c2eb2e521937644050ba7dfdb41622f8bf22c
SHA512: 0bca9e2e0e4216b96e86d6988a945fd9e7ba567a2fe59ccb1e79c7dbe5343352e4abaf87dc952f8caaf1dd51ab3052b9180c484254d81955e7a1b5e19d40a0cf
SSDEEP: 196608:DWybSLP2+04wAZfix/mQBONjFHntIPvEg76Q4b0q7:ToP25pAZaxQHHntInlrfq7
Score: 3/10

Target: iviewers.dll
Size: 83KB
MD5: 5649b671dabb89dd275575188cd9bf51
SHA1: 25f3dbb4fe5c13ea06a43efd8abae7bfd6c0e05c
SHA256: c5c48516e26cd796404e77b9275a976ec4b4f75a70e04ff7781203ee5da59cc1
SHA512: 74e5f13719eba0e5fa2750225bcced7a40bb48a02d6df693cd70141219707fb5392851128bff7d0fbb9e471e414e9bd0a34deda2e9de4e9fd456d390374790fc
SSDEEP: 1536:ybo5eK+wzZQ1LRC7ivPv8ZqTfXeqvz+NBGQS18sWpcdVQ/LHWeDCf7/P/:ys5tXVQLRC7iv4qTvcGQS1VQ/jWeDCfb
- Meduza Stealer payload
- Meduza family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)