Meduza Stealer Analysis: A Closer Look at its Techniques and Attack Vector

    Date: 12/25/2024

    Severity: High 

    Summary

    Meduza Stealer is a rising malware threat designed to harvest sensitive information from compromised systems. Discovered in 2023, it targets various personal and financial data, such as login credentials, payment details, and cryptocurrency wallets. Spread via phishing campaigns, malicious downloads, and exploits, Meduza Stealer uses advanced evasion techniques to bypass antivirus and sandbox defenses.

    Indicators of Compromise (IOC) List

    Hash : 


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash :

    sha256hash IN ("d82fe3ed607a8d4827f6b8f007bae911b7201e9af927ffb7442d571347903ab8","0646980e8e68974948861e60bd4497d17464da101ec697241ba8ea96d86d22c6","85d96a1ba8fa7426e48bcf430d305c6e4764db53fb86abbe53d9b80c5e474e72","a39cb2c31b6724eaa78f60fe29ced83e50ffad7e39efd604a7debdac63a2a80e","d510497588fe468e45119bf8a094b1be3a9eb2e78e26ddfdc1466911bab8b629","9c57d9431e5a3b8206bceadad97108bb59bd08e0e90a4946c41ca268a2093412","48a5eb3b0d4d5b8c3b8ae32b638ee0b0b5fb1ce45bb4c30463d697720a136974","4531a1efd815df17d3a6f247d0850ab5e510de2345723e41c062716e65df686e","93626f2a12a4ab1fbe7e284af0a3368c4041e58428f18429acc64d3f09067a29","a681393f417174f96a6f0814677b28d81884fb836b501de132eb0003e4782eac","f3cb381e29fe29872b86838500dc6ee2f810865bf5a0b1cd4718b0036c3d51a5","1c123f8cd194d826aaa48e97fa67b9db9faa1a5a1ada139f367d56904f6e0c04","5c6985e002a60d821fd7b029b2c5d04c3ee16bb619999202f6dbdf432d229989","8f52ef228b7cc3178f414984ed686132de1527cb6f04700feeaea20993814eea","322608e24d59934b175fe0f128fc70112b69ac82ed25deb794c98f19af3204f4","b174f3ba74f08dab33a60a99b4c6a1fa7d021a20b68283a15d82c84367c2c28d","545dce672f9a6cad9aa56f689a50403bebd68ca99c2a6b8806b28025f8b3b0a0","cc332b2b190d6bed3bfccf6f7b878a2065cf70babd1cc79a65b7adeadf130323","d61985407f31d1fbba3aaf4e6d1e79c5fc79fa333879fd478a0ffb4d9476a04f","5c7f4086a64f90787ea13a00c4dc217d8ec6188abc24e4f2e841f7c805a8cca5","7ba61f3706d900ad4fdf101227727b88ed4da64147d1bdea8b2e9d88e3e73b15","b056dd707d21bd57b256767dc3e13cd8c824cf059ca70f13e2cda9f96b101012","edd39f9eff63770ff224f000a73c5703a7b7225bddc329ef4467ee986be40744","940d413dd95bc28d5c724d814f2cd1ecca005d2cb58ed28788d9c07d962d829b","f862bb143150aa9ee9601ab102264d127caae7f9562dc085030d3429cf89586e","1420f60f053c3ea5605239ee431e5f487245108b1c01be75d16b5246156fa178","c4199805b4245bdc6667e46cf4ab639b1e661b422b7a4f6372733ac6ca367c83","48a5eb3b0d4d5b8c3b8ae32b638ee0b0b5fb1ce45bb4c30463d697720a136975")
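    As an added example (not the advisory's or Gurucul's own code), a small Python helper that parses a `sha256hash IN (...)` query of the shape used above into a lookup set, flags malformed entries, exact duplicates and pairs that differ by a single hex digit (worth reviewing before deploying the query, since a one-character slip silently drops coverage for that sample), and then checks a file's SHA-256 against the set. The query and payload below are constructed sample values, not the advisory's indicators.

```python
import hashlib
import re
from itertools import combinations

HEX64 = re.compile(r"^[0-9a-f]{64}$")


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of a byte string (what the query compares against)."""
    return hashlib.sha256(data).hexdigest()


def parse_hash_query(query: str):
    """Extract the quoted values from a `sha256hash IN ("...", "...")` query."""
    m = re.search(r'sha256hash\s+IN\s*\((.*)\)', query, re.S)
    if not m:
        raise ValueError("not a sha256hash IN (...) query")
    return [v.strip().lower() for v in re.findall(r'"([^"]*)"', m.group(1))]


def validate_iocs(values):
    """Return (unique_valid, malformed, exact_duplicates, near_duplicate_pairs)."""
    malformed = [v for v in values if not HEX64.match(v)]
    seen, dupes = set(), []
    for v in values:
        if HEX64.match(v):
            if v in seen:
                dupes.append(v)
            seen.add(v)
    uniq = sorted(seen)
    # Pairs at Hamming distance 1: almost certainly a typo in one of them.
    near = [(a, b) for a, b in combinations(uniq, 2)
            if sum(x != y for x, y in zip(a, b)) == 1]
    return uniq, malformed, dupes, near


def matches(data: bytes, iocs) -> bool:
    """True when the SHA-256 of `data` is in the IOC set."""
    return sha256_of(data) in set(iocs)


# Constructed sample: a harmless byte string standing in for a file, plus
# a query containing a near-duplicate, an exact duplicate and a bad entry.
SAMPLE_BYTES = b"constructed sample payload, not real malware"
SAMPLE_QUERY = (
    'sha256hash IN ("' + sha256_of(SAMPLE_BYTES) + '",'
    '"' + "ab" * 32 + '",'
    '"' + "ab" * 31 + "ac" + '",'   # one hex digit away from the entry above
    '"' + "ab" * 32 + '",'          # exact repeat of an earlier entry
    '"not-a-hash")'
)

if __name__ == "__main__":
    uniq, bad, dupes, near = validate_iocs(parse_hash_query(SAMPLE_QUERY))
    print(len(uniq), bad, dupes, near, matches(SAMPLE_BYTES, uniq))
```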

    Reference:   

    https://www.splunk.com/en_us/blog/security/meduza-stealer-analysis.html 


    Tags

    Malware, Meduza, Financial Services, Exploit, Phishing

