meduza | 1e420e5baadbba4d35c355869f50d7f46bbc49c2d966577e8c3739b94ed78759 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-07...ta.exe

windows10-2004-x64

Sharing

General

Target

2025-04-07_c0e184505b8b0a04aaf28ea970ad02a9_black-basta_hijackloader_luca-stealer_neshta
Size

5.8MB
Sample

250407-klcvnaxjy5
MD5

c0e184505b8b0a04aaf28ea970ad02a9
SHA1

faa8992e804b3cd4fbfcee1b6c919388cb322011
SHA256

1e420e5baadbba4d35c355869f50d7f46bbc49c2d966577e8c3739b94ed78759
SHA512

8d95955128d171c576097181a8b5665afce4978cb0acd80b0cf07e1e1ea25027c2d79418cb2bdeb9018f75bcb2fb77c2497bae201ec6ae53c306ae8fe2e9b4ab
SSDEEP

98304:C6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwk:DzNF8IcT48qhFpuj05NLuw

Score

10^/10

meduza neshta discovery persistence spyware stealer

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

2025-04-07_c0e184505b8b0a04aaf28ea970ad02a9_black-basta_hijackloader_luca-stealer_neshta.exe

Resource

win10v2004-20250314-en

meduza neshta discovery persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-07_c0e184505b8b0a04aaf28ea970ad02a9_black-basta_hijackloader_luca-stealer_neshta
- Size
  
  5.8MB
- MD5
  
  c0e184505b8b0a04aaf28ea970ad02a9
- SHA1
  
  faa8992e804b3cd4fbfcee1b6c919388cb322011
- SHA256
  
  1e420e5baadbba4d35c355869f50d7f46bbc49c2d966577e8c3739b94ed78759
- SHA512
  
  8d95955128d171c576097181a8b5665afce4978cb0acd80b0cf07e1e1ea25027c2d79418cb2bdeb9018f75bcb2fb77c2497bae201ec6ae53c306ae8fe2e9b4ab
- SSDEEP
  
  98304:C6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwk:DzNF8IcT48qhFpuj05NLuw
Score

10^/10

meduza neshta discovery persistence spyware stealer
- Detect Neshta payload
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meduzaneshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy