Meduza Stealer or The Return of The Infamous Aurora Stealer – RussianPanda Research Blog
Tags
Common Information
Type | Value |
---|---|
UUID | a575bdad-b22b-4737-829c-1b9644a4019b |
Fingerprint | 1cf8dbfbfbf3c5 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 28, 2023, 7:20 p.m. |
Added to db | Aug. 31, 2024, 8:07 a.m. |
Last updated | Dec. 20, 2024, 12:34 p.m. |
Headline | Meduza’s Gaze |
Title | Meduza Stealer or The Return of The Infamous Aurora Stealer – RussianPanda Research Blog |
Detected Hints/Tags/Attributes | 63/2/30 |
Source URLs
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
219 | ✔ | RussianPanda Research Blog | https://russianpanda.com/feed.xml | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 260 | | mail.ru |
Domain | 134 | | api.ipify.org |
File | 42 | | key4.db |
File | 36 | | key3.db |
File | 2 | | c:\users\79026\source\repos\medusaserver\src\core\parser\chromium.cpp |
File | 2 | | aurorastealer.cpp |
md5 | 2 | | add6ae21d25ffe8d312dd10ba98df778 |
sha256 | 2 | | 702abb15d988bba6155dd440f615bbfab9f3c0ed662fc3e64ab1289a1098af98 |
sha256 | 3 | | 2ad84bfff7d5257fdeb81b4b52b8e0115f26e8e0cdaa014f9e3084f518aa6149 |
sha256 | 2 | | f0c730ae57d07440a0de0889db93705c1724f8c3c628ee16a250240cc4f91858 |
sha256 | 2 | | 1c70f987a0839d11826f053ae90e81a277fa154f5358303fe9a511dbe8b529f2 |
sha256 | 2 | | cbc07d45dd4967571f86ae75b120b620b701da11c4ebfa9afcae3a0220527972 |
sha256 | 2 | | afbf62a466552392a4b2c0aa8c51bf3bde84afbe5aa84a2483dc92e906421d0a |
sha256 | 2 | | 6d8ed1dfcb2d8a9e3c2d51fa106b70a685cbd85569ffabb5692100be75014803 |
sha256 | 2 | | ddf3604bdfa1e5542cfee4d06a4118214a23f1a65364f44e53e0b68cbfc588ea |
sha256 | 2 | | f575eb5246b5c6b9044ea04610528c040c982904a5fb3dc1909ce2f0ec15c9ef |
sha256 | 2 | | 91efe60eb46d284c3cfcb584d93bc5b105bf9b376bee761c504598d064b918d4 |
sha256 | 2 | | a73e95fb7ba212f74e0116551ccba73dd2ccba87d8927af29499bba9b3287ea7 |
IPv4 | 2 | | 49.1.12.5 |
IPv4 | 2 | | 89.185.85.245 |
IPv4 | 2 | | 79.137.203.39 |
IPv4 | 2 | | 77.105.147.140 |
IPv4 | 2 | | 79.137.207.132 |
IPv4 | 2 | | 79.137.203.37 |
IPv4 | 2 | | 79.137.203.6 |
IPv4 | 2 | | 185.106.94.105 |
Url | 2 | | http://89.185.85.245 |
Url | 28 | | https://api.ipify.org |
Windows Registry Key | 2 | | HKEY_CURRENT_USER\SOFTWARE\Medusa |
Yara rule | 2 | | rule MeduzaStealer (full rule below) |

Yara rule (the single-line value above, reflowed; the comments give the ASCII or opcode meaning of each hex string):

```yara
rule MeduzaStealer {
    meta:
        author = "RussianPanda"
        description = "Detects MeduzaStealer"
        date = "6/27/2023"
    strings:
        $s1 = { 74 69 6D 65 7A 6F 6E 65 }                // "timezone"
        $s2 = { 75 73 65 72 5F 6E 61 6D 65 }             // "user_name"
        $s3 = { 67 70 75 }                               // "gpu"
        $s4 = { 63 75 72 72 65 6E 74 5F 70 61 74 68 28 29 } // "current_path()"
        $s5 = { C5 FD EF }                               // VEX-encoded vpxor on ymm registers (AVX2)
        $s6 = { 66 0F EF }                               // pxor xmm, xmm/m128 (SSE2)
    condition:
        all of them and filesize < 700KB
}
```
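The rule's condition is simple enough to reproduce outside YARA, which is useful for a quick triage script on a host without yara-python. The following Python is an added example, not code from the original blog post or from this aggregator page: it decodes the six hex strings exactly as written in the rule, applies the `all of them and filesize < 700KB` condition (YARA's `KB` is 1024 bytes), and reports per-string offsets the way `yara -s` would. The sample buffers are constructed here for demonstration (NOP filler with the patterns embedded) and are not Meduza samples; `build_sample`, `find_matches`, `matches_meduza_rule` and `scan_file` are names chosen for this example.

```python
"""Pure-Python re-implementation of the MeduzaStealer YARA rule's matching
logic (added example; patterns copied from the rule on this page)."""

from __future__ import annotations

# Hex strings exactly as they appear in the rule, decoded to bytes.
MEDUZA_PATTERNS: dict[str, bytes] = {
    "$s1": bytes.fromhex("74696D657A6F6E65"),              # "timezone"
    "$s2": bytes.fromhex("757365725F6E616D65"),            # "user_name"
    "$s3": bytes.fromhex("677075"),                        # "gpu"
    "$s4": bytes.fromhex("63757272656E745F706174682829"),  # "current_path()"
    "$s5": bytes.fromhex("C5FDEF"),                        # VEX-encoded vpxor (AVX2)
    "$s6": bytes.fromhex("660FEF"),                        # pxor xmm (SSE2)
}

# YARA's "700KB" means 700 * 1024 bytes, not 700 000.
MAX_SIZE = 700 * 1024


def find_matches(data: bytes) -> dict[str, list[int]]:
    """Return every offset at which each pattern occurs (like `yara -s`)."""
    hits: dict[str, list[int]] = {}
    for name, pat in MEDUZA_PATTERNS.items():
        offsets: list[int] = []
        start = 0
        while (idx := data.find(pat, start)) != -1:
            offsets.append(idx)
            start = idx + 1          # allow overlapping occurrences
        hits[name] = offsets
    return hits


def matches_meduza_rule(data: bytes) -> bool:
    """condition: all of them and filesize < 700KB"""
    if len(data) >= MAX_SIZE:
        return False
    return all(find_matches(data).values())


def scan_file(path: str) -> bool:
    """Apply the rule to a file on disk."""
    with open(path, "rb") as fh:
        return matches_meduza_rule(fh.read())


def build_sample(include: tuple[str, ...], pad_to: int = 4096) -> bytes:
    """Constructed test buffer: 0x90 filler with the chosen patterns embedded.
    This is synthetic data for the example, not a real Meduza binary."""
    body = bytearray(b"\x90" * pad_to)
    pos = 64
    for name in include:
        pat = MEDUZA_PATTERNS[name]
        body[pos:pos + len(pat)] = pat
        pos += len(pat) + 37     # arbitrary spacing between patterns
    return bytes(body)


ALL = tuple(MEDUZA_PATTERNS)
SAMPLE_HIT = build_sample(ALL)                                   # all six, 4 KB -> match
SAMPLE_MISSING_S4 = build_sample(tuple(n for n in ALL if n != "$s4"))  # no "current_path()"
SAMPLE_TOO_BIG = build_sample(ALL, pad_to=MAX_SIZE)              # exactly 700KB fails "< 700KB"


if __name__ == "__main__":
    for label, buf in (
        ("all strings, 4KB", SAMPLE_HIT),
        ("missing $s4", SAMPLE_MISSING_S4),
        ("all strings, 700KB", SAMPLE_TOO_BIG),
    ):
        print(f"{label:22s} -> {matches_meduza_rule(buf)}")
```

The size check is applied before string matching so an oversized file is rejected without scanning it; note that the rule's `<` makes a file of exactly 716800 bytes a non-match, which the third sample exercises.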