General

  • Target

    king_0x0001571ACDBAB503.exe

  • Size

    1.5MB

  • Sample

    240615-wq9wqstdql

  • MD5

    15d9dc56b9a997471275fb1281048971

  • SHA1

    8cc0fcec88880863806a689529a23e530167bed6

  • SHA256

    aa46a10b5392afadabb645417e88a32a95a82796b4b9517ea983ee589ed78ab6

  • SHA512

    e9b80928c969568fbfc03392e1859b36f1eb64e79975b8881170c9eb4c59d2b080ad715b7938bdfd617d9c833413064dd329d5e128aafdd2ffd18b162f17f781

  • SSDEEP

    24576:n37gywC0vAr0GWnb/qKoBLgSeUs0UcRVjb+1K0XtA:376vtnlYs0Za1Kt

Malware Config

Targets

    • Target

      king_0x0001571ACDBAB503.exe

    • Meduza

      Meduza is an information stealer written in C++ that harvests cryptocurrency wallets, browser profile data and other locally stored credentials.

    • Meduza Stealer payload

    • Checks computer location settings

      Reads the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), most likely to geofence execution and skip hosts in excluded regions.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile files from disk; these can hold saved credentials, cookies, session tokens and autofill data.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Enumerates the Uninstall keys in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node equivalent) to list the software installed on the system.

    • Looks up external IP address via web service

      Connects to a legitimate public IP-lookup web service to learn the infected host's external IP address. The request itself looks benign, so it is only meaningful in combination with the other behaviours listed here.
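
The behavioural signatures above are what a sandbox derives from registry, file and network events. The following is an added example, not code from the report or from the sandbox vendor, that runs equivalent checks over a constructed Procmon-style event log and scores each process. The paths and hosts each rule matches (the Geo\Nation value, the Uninstall keys, Chrome's Login Data, Firefox's logins.json, the Outlook Profiles keys, a short list of IP-lookup services) are assumptions about what each signature looks for. The "Meduza Stealer payload" hit is a static (YARA-style) match, which a behavioural pass like this cannot reproduce.

```python
"""Behavioural triage of sandbox events against the infostealer signatures above.

Added example. The event log below is constructed for illustration and the
patterns each rule matches are assumptions, not the sandbox's own rules.
"""
import fnmatch
from collections import defaultdict

# Constructed Procmon-style events: (process, operation, target).
# Not a trace of the sample on this page.
SAMPLE_EVENTS = [
    ("king.exe", "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("king.exe", "RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("king.exe", "RegEnumKey", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("king.exe", "ReadFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("king.exe", "ReadFile", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"),
    ("king.exe", "RegOpenKey", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    ("king.exe", "TCP Connect", "api.ipify.org:443"),
    # Benign noise: a system component reads the locale too, a text editor reads a document.
    ("explorer.exe", "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("notepad.exe", "ReadFile", r"C:\Users\victim\notes.txt"),
]


def glob(pattern):
    """Case-insensitive glob matcher for Windows registry and file paths."""
    pat = pattern.lower()
    return lambda target: fnmatch.fnmatchcase(target.lower(), pat)


# Well-known public IP-lookup services (assumed list; extend per environment).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}


def ip_lookup(target):
    """True when a connection target is host[:port] of a known IP-lookup service."""
    host = target.rsplit(":", 1)[0].lower()
    return host in IP_LOOKUP_HOSTS


# (signature name as it appears in the report, operations it applies to, matcher)
RULES = [
    ("Checks computer location settings", {"RegQueryValue"},
     glob(r"HKCU\Control Panel\International\Geo\*")),
    ("Checks installed software on the system", {"RegEnumKey", "RegOpenKey"},
     glob(r"*\Microsoft\Windows\CurrentVersion\Uninstall*")),
    ("Reads user/profile data of web browsers", {"ReadFile"},
     glob(r"*\Google\Chrome\User Data\*\Login Data")),
    ("Reads user/profile data of web browsers", {"ReadFile"},
     glob(r"*\Mozilla\Firefox\Profiles\*\logins.json")),
    ("Accesses Microsoft Outlook profiles", {"RegOpenKey", "RegQueryValue"},
     glob(r"HKCU\Software\Microsoft\Office\*\Outlook\Profiles*")),
    ("Looks up external IP address via web service", {"TCP Connect"}, ip_lookup),
]


def triage(events):
    """Return {process: set of signature names} for every process that fired a rule."""
    hits = defaultdict(set)
    for proc, op, target in events:
        for name, ops, match in RULES:
            if op in ops and match(target):
                hits[proc].add(name)
    return dict(hits)


def verdict(behaviours):
    """Score by the number of distinct behaviours.

    A single hit (e.g. the locale read, which explorer.exe also does) is only
    suspicious; three or more distinct stealer behaviours in one process is the
    combination the report describes.
    """
    n = len(behaviours)
    if n >= 3:
        return "likely infostealer"
    if n >= 1:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    for proc, names in triage(SAMPLE_EVENTS).items():
        print(f"{proc}: {verdict(names)}")
        for name in sorted(names):
            print(f"  - {name}")
```

The threshold in verdict() is deliberately conservative: the geofence and Uninstall-key reads are also performed by legitimate installers and shell components, so they count for nothing on their own and only raise the score when they appear next to browser-profile reads, mailbox access or an IP lookup in the same process.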

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is how many of the signatures above map to it.

  • Credential Access

    Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
    Remote System Discovery (T1018): 1

  • Collection

    Data from Local System (T1005): 1
    Email Collection (T1114): 1

Tasks