meduza | 2aa321a93bfa09139831e510e3cf9a869ece3d2e00889c846be169963cbb3b34 | Triage

Submit
Reports

Overview

overview

Static

static

1

InvestmentsBreed.exe

windows7-x64

InvestmentsBreed.exe

windows10-1703-x64

InvestmentsBreed.exe

windows10-2004-x64

InvestmentsBreed.exe

windows11-21h2-x64

Sharing

General

Target

InvestmentsBreed.exe
Size

1.6MB
Sample

240702-myxfyasgrj
MD5

93ca970bf446580ce800feb9c3973304
SHA1

c442d46a3bf7abe905f854d2ef5a8bd1ffcef2a8
SHA256

2aa321a93bfa09139831e510e3cf9a869ece3d2e00889c846be169963cbb3b34
SHA512

620213b690cca096a9deb426ab8193394cbb7eaadcbc6c8ead570354f7f265013cac11c8491a2f362c124f643ac0b318161c96c00f0292b0f6bf9426537a0450
SSDEEP

49152:2wimY9PZYPy3bcJnmPgiM+7Zjryr5uCZRk4K25b:2wihPZyyBxVjrwV75b

Score

10^/10

meduza collection discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

InvestmentsBreed.exe

Resource

win7-20240611-en

meduza collection discovery spyware stealer

windows7-x64

22 signatures

300 seconds

Behavioral task

behavioral2

Sample

InvestmentsBreed.exe

Resource

win10-20240404-en

meduza collection discovery spyware stealer

windows10-1703-x64

21 signatures

300 seconds

Behavioral task

behavioral3

Sample

InvestmentsBreed.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

14 signatures

300 seconds

Behavioral task

behavioral4

Sample

InvestmentsBreed.exe

Resource

win11-20240419-en

meduza collection discovery spyware stealer

windows11-21h2-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  InvestmentsBreed.exe
- Size
  
  1.6MB
- MD5
  
  93ca970bf446580ce800feb9c3973304
- SHA1
  
  c442d46a3bf7abe905f854d2ef5a8bd1ffcef2a8
- SHA256
  
  2aa321a93bfa09139831e510e3cf9a869ece3d2e00889c846be169963cbb3b34
- SHA512
  
  620213b690cca096a9deb426ab8193394cbb7eaadcbc6c8ead570354f7f265013cac11c8491a2f362c124f643ac0b318161c96c00f0292b0f6bf9426537a0450
- SSDEEP
  
  49152:2wimY9PZYPy3bcJnmPgiM+7Zjryr5uCZRk4K25b:2wihPZyyBxVjrwV75b
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

meduzacollectiondiscoveryspywarestealer

behavioral2

meduzacollectiondiscoveryspywarestealer

behavioral3

behavioral4

meduzacollectiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy