Summary | ZeroBOX

Meduza.exe

Tags: UPX, Malicious Library, Malicious Packer, PE64, PE File, OS Processor Check
Category FILE
Machine s1_win7_x6403_us
Started July 20, 2023, 5:06 p.m.
Completed July 20, 2023, 5:12 p.m.
Size 730.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 40fbeddad5a68665f9cf789dc4658f1a
SHA256 e5fd0cd5236b8a14e957049d52e422ac1da98077c8f37141cd1a8d0e3938d1b9
CRC32 C396643A
ssdeep 12288:Cl2P4G+a9A35KMRvZLgVALw2/qoBqcoUhpF:ClQJZ9SZLlLdioBqcNp
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer

IP Address Status Action
164.124.101.2 Active Moloch
173.231.16.76 Active Moloch
5.42.77.239 Active Moloch

API call: GetComputerNameW
  computer_name: TEST22-PC
  Status Return Repeated: 1 1 0
API call: IsDebuggerPresent
  Status Return Repeated: 0 0
file C:\Program Files\Mozilla Firefox\nss3.dll
API call: GlobalMemoryStatusEx
  Status Return Repeated: 1 1 0
section _RDATA
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\igkpcodhieompeloncfnbekccinhapdb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\dfmbcapkkeejcpmfhpnglndfkgmalhik
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bocpokimicclpaiekenaeelehdjllofo
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gehmmocbbkpblljhkekmfhjpfbkclbph
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ldinpeekobnhjjdofggfgjlcehhmanlj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhhldecdfagpbfggphklkaeiocfnaafm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Ya Passman Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\apnehcjmnengpnmccpaibjmhhoadaico
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\UC Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\dppgmdbiimibapkepcbdbmkaabgiofem
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfel
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\mfgccjchihfkkindfppnaooecgfneiii
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nhhldecdfagpbfggphklkaeiocfnaafm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\naepdomgkenhinolocfifgehidddafch
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
domain api.ipify.org
file C:\Windows\System32\migwiz.lnk
cmdline "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\Meduza.exe"
cmdline cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\Meduza.exe"
API call: ShellExecuteExW
  show_type: 0
  filepath_r: cmd.exe
  parameters: /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\Meduza.exe"
  filepath: cmd.exe
  Status Return Repeated: 1 1 0
API call: RegOpenKeyExA
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1
  base_handle: 0xffffffff80000001
  key_handle: 0x0000000000000000
  options: 0
  access: 0x00020019
  regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1
  Status Return Repeated: 2 0

API call: RegOpenKeyExA
  regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4A4AE8F-B9F7-4CC7-8A6C-BF7EEE87ACA5}_is1
  base_handle: 0xffffffff80000001
  key_handle: 0x0000000000000000
  options: 0
  access: 0x00020019
  regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4A4AE8F-B9F7-4CC7-8A6C-BF7EEE87ACA5}_is1
  Status Return Repeated: 2 0
cmdline "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\Meduza.exe"
cmdline cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\Meduza.exe"
cmdline ping 1.1.1.1 -n 1 -w 3000
host 5.42.77.239
file C:\Users\test22\AppData\Local\AVAST Software\Browser
file C:\Users\test22\AppData\Roaming\AVAST Software\Browser
file C:\Users\test22\AppData\Local\AVG\Browser
file C:\Users\test22\AppData\Roaming\AVG\Browser
file C:\ProgramData\Microsoft\Microsoft Antimalware
file C:\Windows\Sandboxie.ini
file C:\ProgramData\Microsoft\Microsoft Security Client
file C:\Users\test22\AppData\Roaming\Electrum\config
file C:\Users\test22\AppData\Roaming\Electrum\wallets
file C:\Python27\agent.pyw
file C:\tmpvmqcut\analyzer.py
file C:\tmp6o6lvv\analyzer.py
file C:\Windows\debug\PASSWD.LOG
file C:\Windows\SysWOW64\mfcsubs.dll
file C:\Windows\bootstat.dat
file C:\Users\test22\AppData\Local\Thunderbird\Profiles\hzkyl8yo.default
file C:\Users\test22\AppData\Roaming\Thunderbird\Profiles\hzkyl8yo.default
registry HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\HTTPMail Password
registry HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User Name
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
file C:\Windows\System32\qcap.dll
file C:\Windows\SysWOW64\VBoxOGL.dll
file C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf
Lionic Trojan.Win32.Meduza.4!c
Cynet Malicious (score: 100)
McAfee RDN/Generic PWS.y
Malwarebytes Generic.Malware/Suspicious
VIPRE Generic.Trojan.Meduza.Marte.B.8ACF6519
Sangfor Spyware.Win32.Meduza.Vbga
Alibaba TrojanPSW:Win32/Meduza.203d963f
Cybereason malicious.2d9374
Arcabit Generic.Trojan.Meduza.Marte.B.8ACF6519
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Spy.Agent.FW
APEX Malicious
Kaspersky HEUR:Trojan-PSW.Win32.Meduza.gen
BitDefender Generic.Trojan.Meduza.Marte.B.8ACF6519
MicroWorld-eScan Generic.Trojan.Meduza.Marte.B.8ACF6519
Avast Win64:SpywareX-gen [Trj]
Tencent Win32.Trojan-QQPass.QQRob.Rsmw
Emsisoft Generic.Trojan.Meduza.Marte.B.8ACF6519 (B)
McAfee-GW-Edition BehavesLike.Win64.Dropper.bh
Trapmine suspicious.low.ml.score
FireEye Generic.mg.40fbeddad5a68665
Sophos Mal/Generic-S
Avira TR/Spy.Agent.xjhwr
MAX malware (ai score=88)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm HEUR:Trojan-PSW.Win32.Meduza.gen
GData Generic.Trojan.Meduza.Marte.B.8ACF6519
AhnLab-V3 Trojan/Win.SpywareX-gen.R589196
ALYac Generic.Trojan.Meduza.Marte.B.8ACF6519
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DGJ23
AVG Win64:SpywareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)