meduza | ad07503bc046f5b3d65eb61646fa826bc39560916c6e1ef2c3437b6465b30a82 | Triage

Submit
Reports

Overview

overview

Static

static

3

5790d1417f...9c.exe

windows10-2004-x64

Sharing

General

Target

5790d1417f8f00bd7ec6fb7011c79d9c.exe
Size

157KB
Sample

240416-rgn6fsde8s
MD5

5790d1417f8f00bd7ec6fb7011c79d9c
SHA1

36076ed9457c45d94e664ea291eb01e5c70d084b
SHA256

ad07503bc046f5b3d65eb61646fa826bc39560916c6e1ef2c3437b6465b30a82
SHA512

b19195510624ad16a4730282c97b68d05e4890a33d91f86f24eaf921e23e7786649e4e31aaaec2d9d6c7bb3695c615851d7aed3e53b13083e03acbc8d0543ef0
SSDEEP

3072:XahKyd2n31D5GWp1icKAArDZz4N9GhbkrNEk1eT:XahOfp0yN90QEB

Score

10^/10

meduza zgrat collection persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5790d1417f8f00bd7ec6fb7011c79d9c.exe

Resource

win10v2004-20240412-en

meduza zgrat collection persistence rat stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

meduza

C2

109.107.181.83

Targets

- Target
  
  5790d1417f8f00bd7ec6fb7011c79d9c.exe
- Size
  
  157KB
- MD5
  
  5790d1417f8f00bd7ec6fb7011c79d9c
- SHA1
  
  36076ed9457c45d94e664ea291eb01e5c70d084b
- SHA256
  
  ad07503bc046f5b3d65eb61646fa826bc39560916c6e1ef2c3437b6465b30a82
- SHA512
  
  b19195510624ad16a4730282c97b68d05e4890a33d91f86f24eaf921e23e7786649e4e31aaaec2d9d6c7bb3695c615851d7aed3e53b13083e03acbc8d0543ef0
- SSDEEP
  
  3072:XahKyd2n31D5GWp1icKAArDZz4N9GhbkrNEk1eT:XahOfp0yN90QEB
Score

10^/10

meduza zgrat collection persistence rat stealer
- Detect ZGRat V1
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

meduzazgratcollectionpersistenceratstealer

© 2018-2024

Terms | Privacy